23542300x8000000000000000136024Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:18.822{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136023Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:18.728{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D249380DCD402D6FB9A05D5E1D6DB244,SHA256=A624EBAA947AE32342AB60E8211A0B36A17048870403B545ED9F68C1206722FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119370Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:18.155{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=542E2457433A01BF6B5525C95DF31B97,SHA256=9430FEBECB381677076191DF6218F660FAAB199A4B05239BF757A52577DD7C0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136025Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:19.775{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35D10A236B5AE1DF16C0EC40F1585257,SHA256=29E5D2CF2B1E3E720A040FA57C4ACDB3BDBA0CE7455C0BE60F42839B05F35CDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119371Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:19.170{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78BB8129E8691B9F151ED6707B00529C,SHA256=95BF8122637F934D9F481A4D743067849EF6910965235B4B97DC774CC84092AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136027Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:20.791{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=631425A872C8B906A738C54E25D49D6D,SHA256=3EC02863E7D60514CC8977AF1B8AFDFE21117DCBB27BCA62E6E4C5A6B4FD7AA1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119387Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:18.602{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50513-false10.0.1.12-8000- 10341000x8000000000000000119386Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.577{49C67628-6004-615D-6B02-00000000FD01}32283472C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119385Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6004-615D-6B02-00000000FD01}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119384Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119383Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119382Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119381Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119380Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119379Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119378Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119377Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119376Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119375Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6004-615D-6B02-00000000FD01}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119374Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.436{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6004-615D-6B02-00000000FD01}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119373Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.437{49C67628-6004-615D-6B02-00000000FD01}3228C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119372Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:20.186{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41F775DEF73A1E2FA0F7C5202618757F,SHA256=15229008FCABEFDC14453D6803211769319DF6FCCD0C45ADCAB4BC2B95DFA0F1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136026Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:18.136{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64520-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000136029Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:21.822{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=900AFD71FD683577927459C1EB8B2E31,SHA256=43E577ED81BD76F7A20D6FF5D0D590CCBD759CC97E7DCB323EC96594C340CD44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119403Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.655{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2AE357E3F07CB643578CA8C2A263DB94,SHA256=13544088AD2004877279B89797ABECCC43A53542C313D6D6E063B5AF95316FFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119402Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.655{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A63F6792B006C86036FCD52F6FB510F0,SHA256=108BC091218DB5C2C5C86515EEEF40C0F3467DA516A87D9E3A17FAF057AD754C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119401Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.327{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0453375299742842995A7409E413E48F,SHA256=F3F5387D69C49D1CBCE06957B9CD872F5A2423A2A8F6AD670E81B8624FC0D195,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136028Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:19.339{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64521-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000119400Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6005-615D-6C02-00000000FD01}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119399Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119398Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119397Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119396Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119395Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119394Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119393Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119392Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119391Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119390Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6005-615D-6C02-00000000FD01}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119389Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6005-615D-6C02-00000000FD01}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119388Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:21.108{49C67628-6005-615D-6C02-00000000FD01}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136033Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:22.885{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46701BDF7DF6F70D66BC8E0BCF884DC2,SHA256=34976B6AEF4593365B28B08F4F582033332C52608AEF24A739E66A8D726AE091,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119417Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.342{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DDE20CC706BA4D1B4EB89764807F1CA,SHA256=608639C4DD9BBA1DBD236AFB1E1F2E18E45205BCC06ECB3B024F737E4890DB5A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136032Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:22.431{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1500-00000000FC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136031Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:22.431{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1500-00000000FC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136030Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:22.431{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1500-00000000FC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119416Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6006-615D-6D02-00000000FD01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119415Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119414Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119413Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119412Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119411Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119410Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119409Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119408Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119407Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119406Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6006-615D-6D02-00000000FD01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119405Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6006-615D-6D02-00000000FD01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119404Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:22.280{49C67628-6006-615D-6D02-00000000FD01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136034Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:23.916{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A23D830E6E8E8A315519ADA052F1BADE,SHA256=46C6F15CF9912AF8E953552EABC5D9A01FF3F83EAF27F7335D2E6C0D69B143A8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119433Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.531{49C67628-6007-615D-6E02-00000000FD01}26122500C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119432Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.514{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2AE357E3F07CB643578CA8C2A263DB94,SHA256=13544088AD2004877279B89797ABECCC43A53542C313D6D6E063B5AF95316FFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119431Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.420{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=569D74923D052B5EE50FBF8048462888,SHA256=DB35AF0A7CF42199452FFD48D8FD24FE4B595300DE42E7E77DA58A1EECB9EC03,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119430Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6007-615D-6E02-00000000FD01}2612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119429Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119428Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119427Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119426Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119425Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119424Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119423Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119422Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119421Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119420Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6007-615D-6E02-00000000FD01}2612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119419Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6007-615D-6E02-00000000FD01}2612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119418Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.358{49C67628-6007-615D-6E02-00000000FD01}2612C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136035Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:24.978{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=693E7E77B3F0B1C84E4B8D966F4C4E54,SHA256=DA1C0424227E07972C2A5C92A699355DB48124B11E84EB921744B57198CB865E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119448Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.576{49C67628-6008-615D-6F02-00000000FD01}40084016C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119447Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.467{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6770B2BD10C6D9086428196E97C0DD0D,SHA256=272D380B72720DAC6AEC01BE70F7A39F9F5A7EC24D2E99D5F4223D00841768AF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119446Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6008-615D-6F02-00000000FD01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119445Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119444Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119443Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119442Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119441Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119440Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119439Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119438Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119437Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119436Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6008-615D-6F02-00000000FD01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119435Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6008-615D-6F02-00000000FD01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119434Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:24.436{49C67628-6008-615D-6F02-00000000FD01}4008C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119464Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.545{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC019E3D07F119F9FEECE7002F76F716,SHA256=6B376B00C67006F2C61A2AB85841D8611B5E29EEF652525B3890B88BBDFDA91D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119463Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.545{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5278ECC501C0DDD888835E4904F7B4E9,SHA256=4DD9F2DDBBBEEDAD4A898AFF2160A4F3AF2E8777EF3213ED99FED5FBEE180139,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119462Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.232{49C67628-6009-615D-7002-00000000FD01}24403208C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119461Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6009-615D-7002-00000000FD01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119460Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119459Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119458Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119457Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119456Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119455Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119454Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119453Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119452Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119451Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6009-615D-7002-00000000FD01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119450Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6009-615D-7002-00000000FD01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119449Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:25.108{49C67628-6009-615D-7002-00000000FD01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119466Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:26.576{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2D3A1A4D4BFE67BB6A2D1A286026EFB,SHA256=FDDAE58CED708F51FED043F0EF9F0339EBD63D0697008F5440513D29FFB906EE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136037Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:24.479{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64522-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136036Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:26.010{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1A0A24FD74F473899E51335DBC7E1D7,SHA256=8CDCC84D09ED72927BE62F2F1546D598FE6377B4B17D1C134C94E0C9465A37E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119465Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:23.633{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50514-false10.0.1.12-8000- 23542300x8000000000000000119480Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.670{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3C17BB8E5A7694AF8B17DCAFB8D9D01,SHA256=A0E6DAF1669E9FE5A9B7CC61BDD7A116CD928642C6F29EF19613A548B1F636A6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119479Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-600B-615D-7102-00000000FD01}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119478Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119477Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119476Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119475Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119474Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119473Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119472Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119471Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119470Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119469Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-600B-615D-7102-00000000FD01}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119468Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-600B-615D-7102-00000000FD01}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119467Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:27.014{49C67628-600B-615D-7102-00000000FD01}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136038Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:27.025{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=158D96D8AE84276F7548ADBB98C67435,SHA256=0DAA84D6DB1889DE121103D1EAE53BB7512B8FAA826BB14F879182966927457C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119482Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:28.701{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44D11F3706110896786F03EA45CCFF15,SHA256=805A1D0C8986A01DEFF5ED1AA342AED3EA4909DDA2D86F8C68F0C811554DD072,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136039Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:28.103{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1FCE6DD7FD2E1961E8E1169F9F82F210,SHA256=C9F14843D3779B4EC20BEBF457DA80ABD1F1EDBF0F001AA356380BBDAC1014D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119481Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:28.232{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F8CA0D28DC49E0B77D108CB85778FF33,SHA256=1126EFC79D1094E18559512770B88660E9C41D9F248C3B18B84C8F8C64C6C443,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119483Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:29.748{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77603C0B2C5BB9FDF74B61505E860FB8,SHA256=5818DB2F69BC54A95A6FB7FF0ED9A56CED2057F516F1E5A1966BB40CB90671F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136040Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:29.135{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63F91B94A567CB3A1D5FB032974B7935,SHA256=E4303544BCDB2F1A3F8ADEE5E125F0FFE8BC3068FAAAD9FA949CF278F71015B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119484Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:30.754{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12357086362D4D41E5187A82EFCA2AE3,SHA256=6555CEF7AB5FC56CFC826594ABF1DF705BD82155A3703577DF55468677EBDB63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136041Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:30.171{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0CD153DE84CCE6150B44D09E12406A7,SHA256=0B75847A1D71AB91353AC168644D87C9F5DAAF54AF9BDDE3E5EB65AF6EF30756,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119485Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:31.770{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAF7B9726E6113C9E3FD5E4FC2A87EC4,SHA256=C726CD9616FCBCDA2771F420F736CB256CC7F431FB013C3000FC42D20719F014,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136055Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-600F-615D-9802-00000000FC01}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136054Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136053Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136052Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136051Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136050Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136049Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136048Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136047Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136046Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136045Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-600F-615D-9802-00000000FC01}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136044Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.202{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-600F-615D-9802-00000000FC01}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136043Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.203{6EDEAD03-600F-615D-9802-00000000FC01}4852C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136042Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:31.187{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=615D4C9E43DE73D41EF10769AD7A861B,SHA256=9220392FA410507A60DD5CCFD5DFA9C6F711586FAAF16C7550B4823274FB0CE6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119487Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:29.671{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50515-false10.0.1.12-8000- 23542300x8000000000000000119486Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:32.832{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20944E9860A5D90117897AC064545527,SHA256=49D3611EDAE8F21A6660C66B74FB91CB2967A227DAF750F223CFA0D40B6E696B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136072Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.702{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=83897C20743A5721892D72E89F5AF03A,SHA256=7C8642F3A190F27065A7F6D525472B8DFF6EF06A172B3A7E50E996186C8AA354,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136071Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.702{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F54F44F9CDF8266370761790AAD4D92F,SHA256=CD63B2B8CF3E81C1902915BD939FEA9CA3570935812E80D2735CAFBDBA538363,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136070Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.702{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8B06140D519068C1A2F1DC349A11B3EE,SHA256=D6A3FA42ADF8A12ECCA961709D685A841C86A49031C2CBA85FD79BA4F6F89EB7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136069Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.312{6EDEAD03-6010-615D-9902-00000000FC01}52604640C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136068Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6010-615D-9902-00000000FC01}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136067Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136066Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136065Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136064Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136063Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136062Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136061Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136060Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136059Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136058Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6010-615D-9902-00000000FC01}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136057Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.171{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6010-615D-9902-00000000FC01}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136056Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.172{6EDEAD03-6010-615D-9902-00000000FC01}5260C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119488Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:33.895{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB75AD0CDC1BF6D7C36A45EE57BAEBC2,SHA256=C0A6955E2B75EE76DA71A2F70B3C3256BD0DEE3EB7751A6C3D99A06B92ABCC58,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136087Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6011-615D-9A02-00000000FC01}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136086Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136085Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136084Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136083Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136082Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136081Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136080Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136079Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136078Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136077Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6011-615D-9A02-00000000FC01}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136076Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.327{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6011-615D-9A02-00000000FC01}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136075Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.329{6EDEAD03-6011-615D-9A02-00000000FC01}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136074Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:33.312{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7695D3940A33A2049B31CAE73994993F,SHA256=13602C6B22F495AD969994F3E9D930B7CAD50A23BDC48F5D4ABB75D2A66CD1C0,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136073Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:30.391{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64523-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000136103Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.608{6EDEAD03-6012-615D-9B02-00000000FC01}60244776C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136102Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6012-615D-9B02-00000000FC01}6024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136101Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136100Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136099Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136098Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136097Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136096Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136095Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136094Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-6012-615D-9B02-00000000FC01}6024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136093Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136092Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136091Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.468{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6012-615D-9B02-00000000FC01}6024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136090Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.470{6EDEAD03-6012-615D-9B02-00000000FC01}6024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136089Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.421{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=83897C20743A5721892D72E89F5AF03A,SHA256=7C8642F3A190F27065A7F6D525472B8DFF6EF06A172B3A7E50E996186C8AA354,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136088Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:34.358{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=154EAC5BFC7797DB07DE12653DB946D7,SHA256=E55D27608DCE19BF7569F56AA2D9A2E11AC917EEA466CF1F8AA97FD1ACE9EAE8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.859{6EDEAD03-6013-615D-9D02-00000000FC01}5788324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6013-615D-9D02-00000000FC01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6013-615D-9D02-00000000FC01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.671{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6013-615D-9D02-00000000FC01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.672{6EDEAD03-6013-615D-9D02-00000000FC01}5788C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.655{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=56844F43B0030140BC9825836AB65A1C,SHA256=72E690A39E70D83FE99380CCEA2BA34D537D4B468E4A64EA0C9588651006DA02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.608{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61DAE074CC618F8E79695B486005DBBB,SHA256=AFE1A866088159983C798EE2A6F3A7E3FC69A6D51CB8AD95F483286CA764CC25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119489Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:35.035{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A55534A88D5675A041A4F92E7F1ED312,SHA256=618BCBD375F6BA8E7845DE8346513F304676C7A053A8EF960916F63BD68BFC0E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.312{6EDEAD03-6013-615D-9C02-00000000FC01}54281768C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000136118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.735{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64524-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000136117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:32.734{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64524-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 10341000x8000000000000000136116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6013-615D-9C02-00000000FC01}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136111Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136110Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136109Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136108Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136107Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136106Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-6013-615D-9C02-00000000FC01}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136105Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.140{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6013-615D-9C02-00000000FC01}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136104Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.141{6EDEAD03-6013-615D-9C02-00000000FC01}5428C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:36.890{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EF839C2F909EAA328FAF08177FBAB58C,SHA256=B3A77C920387D84CB44540AEDF049A2E2116AE1D0C7B273272C3E2F55EBC69C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:36.687{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=047A5B0D8D13958947C035F81200CBD3,SHA256=406EE5ED563A6F4055913417CC01322D1BBC43AC2E92BE4882F2F8759E73ADEA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119490Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:36.129{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE082182DE445EEE0F8585869A1E3D3F,SHA256=1DF9A0307F8376B32455893E853A176FD2EBAB9F1175AEAFFF5419ECFACCC95E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B38CF46DBC898EFBC85FC49907A035F,SHA256=5906E6FFA5548A8DFE9B1A02FB038A44AD06327C1B1DC5BACE83EF780694A5A6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6015-615D-9E02-00000000FC01}5756C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6015-615D-9E02-00000000FC01}5756C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.718{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6015-615D-9E02-00000000FC01}5756C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:37.719{6EDEAD03-6015-615D-9E02-00000000FC01}5756C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119491Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:37.254{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5DA6C4C8BC303EC70FE1D88BD349166,SHA256=FBCB421750BB8860F37F09EF6E0807E2B605968032BAEE68E71791CCFCC94D81,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:35.453{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64525-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:38.937{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6485A0BBF4B3C8437F0B848ADC16407,SHA256=6D6D2F5838CB73DA7F243273DA9BDEF3319107559CBB0586124069DCA2C70BBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119493Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:38.348{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4A0B15D86089A0DE95BF062FF569B7D,SHA256=AF3EBB10A9FE4846F6C7ED880073AA06CB6A831C6AEF36CE9ECBD472D16367AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:38.780{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D3AADD4272945B4E25E59DCB89DB6130,SHA256=A6F796B96ACBA68205CAF741B4D279D87D72E1316B24D1537F7674E963962692,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119492Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:35.639{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50516-false10.0.1.12-8000- 23542300x8000000000000000136155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:39.937{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B10D7B4511862EC5C4E3D7EB0F3C0016,SHA256=6ACD00B6587EBB063848BF1AB5FB5A8AFC1639DFA11AD1E29BF88AA1FDDCC55E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119494Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:39.363{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C911A9DB35F7C54AE5BE37AAD29A86B3,SHA256=AAEA944C7F7F0B64420AD812C2383BA57BC1DEA685D98894B20B70E3E7587143,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:40.968{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1490E7F609C4255074E6DDF0A7E87F02,SHA256=D571A99823EEC6CDCEC65781FF8D61CDEB60BEC88867E61D9DF7F07182F2B88C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119495Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:40.394{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79D67E6E19DBADE416D2822B8521C133,SHA256=A2982254DF3E753980DAF792149939EC5504007037D472B8F51C689A9F478CB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:41.968{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2590662D1FED125FBE3DF4CE5E15A6E6,SHA256=3A934386F6658346277482EBFB821BF17696225D8C8976A6F02AE05B55EBC6A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119496Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:41.457{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=005901C8C9EC8AD28D34D4489D32A7D4,SHA256=FE9DAC076DFE1D10386B7E66B2A88968722F2332497F8E5B6B139EB4FF74029F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119497Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:42.519{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E23554A3B17E070AD88BDBF4D56002C4,SHA256=DBF025D393DD15FC02A610DEBC63528DA102D3D83ED45C91984AD82AEEDF6F00,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119499Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:40.779{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50517-false10.0.1.12-8000- 23542300x8000000000000000119498Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:43.566{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B8F5CFFC4C5C935F137A5CA29C317FF,SHA256=4B96F9DA414C3221987C3B3B55980F6F52ED96887ECD8EBA43EEE4BA481F90DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:43.015{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13364D680E738E4575F83DD02981BC60,SHA256=10B823C475E299EE87A69957CCBE966487C40EEF941B1690D102EE9550934C68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119501Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:44.597{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75C4681B77C5B57BDC0E974AB600E733,SHA256=86198B01C3D2265C07162ABEB0700A039A9D247DFB293D2AE8E95C05B6D746A8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:41.454{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64526-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:44.030{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DACBA1DEF1D8A5FFD27595BDE05A1FF3,SHA256=CE11512EA0CFE07F76DE67BF9298A536C23FD99CB2BECD9B763E0311766B8C32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119500Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:44.191{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119503Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:45.784{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C2076505B4A95F2C633F9407C46C152,SHA256=1DE45C98D17C008ED07D219313B29AE7A101D100355F0936CBD6D1105E1FAF90,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119502Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:43.701{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50518-false10.0.1.12-8089- 23542300x8000000000000000136161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:45.046{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2872B6BE78DB5ED2BB105C8764E765E,SHA256=D3568A7E985B38A870B5BC603AFE748C74B6EE55C0CCE86F2B1356E3B19CDBB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119504Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:46.816{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70F1B5D70D6A6B6F1ACE0192B1ADA3B9,SHA256=B762FCC60E7F052A3B5F1E4E150A5CB1179CCA1906B9047E16ED7BF00A09C91A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:46.062{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=965077AE45691D288284E5498E12F7D6,SHA256=345E24BDB39B349E9E41B1D6F12857321891C8339E66EEA359A7F8B2CFED2F9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119505Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:47.941{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ACF826EBE352018444C0F0E6EF03692B,SHA256=8D5B941C4ADC47CCD8A768A5C0049C8193535B95D7B9B0261CCDBA9865CB06A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:47.062{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=183F98E119F426864E98347CF40FD7F2,SHA256=3B90415EEB6FBA1F56FCE6C56E1C454346B69DCFBC10FF03C5105CE099E6543F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119506Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:48.987{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A74EE8644F02BD4137420472E581C60A,SHA256=0516C748B2567CD8444F2C835EA7EF71A83E7ABB9F40F5F469F36921744FB5DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:48.062{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE67F6D078DCF096E3DE61332A9D0DCB,SHA256=9E6EB5E0F06B941A797F5F8FD3A7FFF85D6292D746BCC2C5707A8EC4A787762D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119507Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:46.607{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50519-false10.0.1.12-8000- 354300x8000000000000000136166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:47.469{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64527-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:49.077{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93E055AABE54EB67EE46B2ABBBC1EE78,SHA256=A090073A80CCB161503BA8DC0FE312C292AF0AD476CB9278F17E8A9A5EC5B7C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119509Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:50.857{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-065MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119508Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:50.010{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8651924E964AE5E20E928996D6AD1DE,SHA256=982FFAFD036F3C748D3E55E9CF75CA9DA2B40BAF6ABC9DFA48D387A0F689E8ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:50.093{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0039FA3F53E060B668809BFB4F80B8DB,SHA256=FD1913C56658C3085B1819F32B6BFE22B39C752C6FAFB8D40C376FF63F70C5EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119511Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:51.857{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-066MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119510Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:51.137{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51DA04803EA9EA506F595D78E1C2A16E,SHA256=913061B444981C48AE4AB286F35D3D48FB3CAF785A351571E1925249E61A7C2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:51.098{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=564207697C9AC18B1A879EEE11362EB2,SHA256=109D36D09DB95EEB189AE0A75D35FE3B30CAB12BE8EEA2EAF8DDD9AC61A71158,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119512Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:52.245{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6352D2F64CFE8E7980C35D8D97094FDB,SHA256=0660DA1A90984072DC901333C6EFCB7186B3452B81F8E833CCB17A865D3FB7BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:52.114{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DC3BAD79E607696339EBB90B01EE7A9,SHA256=5E2F5E6473F3DA4423751CEF70B7567491D6BBE2C7F7994C70D0247E393C79E2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119514Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:51.614{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50520-false10.0.1.12-8000- 23542300x8000000000000000119513Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:53.372{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A99DE10F90556BB426CE3465B4BC9BB4,SHA256=C1916CE322F8467DE96F06DC29AE8285DA9E7A32A0D685665E61B8AB0E486413,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136170Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:53.129{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E4937179D6AFF378E81A0D17E185B0F,SHA256=5460625D249C6051C8272311B5E11CF4F45AB9A189974A45F6642D037BCFF1E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119515Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:54.403{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A04BE266CE9C6E2904F81BE21D20B74B,SHA256=08AB5052562623F717AB189DBCC13774A79D38BFEE84B91D3167FA8F76E0497C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136171Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:54.145{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE7733A8589891129DD79E858AB27E5B,SHA256=42F2FB39FA35D046B923D07A42C2923C91D02B4F9EB73B16B1BE2925F118D8DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119516Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:55.622{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6EFE990D04C924745F33358E930A0B8,SHA256=30D3ABCBC57CB67EBAA247530F9342953C2EE81F0C36CD4961C34C7188C78854,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136173Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:53.491{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64528-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136172Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:55.161{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B67FC80D023CA4FB1DECCDC36CDE8285,SHA256=DCF46661872B9C2236E756E6284B6394C4E99E6D3088306C6036568382115335,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119517Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:56.700{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5553A9237F5F17A93C7B42443A54C85,SHA256=10756CD0345A96A4BCF4770431B14A4213E3D65CA2A11FCF2825942ADCAC52DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136174Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:56.176{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95BFBAC5024475F36AE6B868904EA94C,SHA256=0D60FF222822A2E6CF12012928BF008D34320805FA3B3D9508B964DDFD1BF4F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119518Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:57.700{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B67004C650D8A95AA8539F169023440C,SHA256=6A9D45C79B9ACE0256D5691B2896D838F494D5DA8A3AA4C83499AA285AC8C721,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136175Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:57.192{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BD07A40A97DEE313FDDFA063ED372EB,SHA256=FF996A114BE00324A50A24F78144C10F46AD9D8D6A2532DE53CB57F952F489C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119519Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:58.715{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60E24F8312B5EF566F1D4F14D731333E,SHA256=B3A8F1CFFBC77E573AA4040DC496BF8976DB7876D9AA918BC61B4A11F2395B79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136176Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:58.192{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EF8A4E6682698D74EB86F265258EB589,SHA256=2004DB2B42A3F24287218DC5D2CDEC104AA8BEE88EC5FE0DEEC51DFE89221221,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119521Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:56.772{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50521-false10.0.1.12-8000- 23542300x8000000000000000119520Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:36:59.731{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E27D88FF808AD238E9C6EFDB4E73067,SHA256=D0AC1F3504FB84C5B46FBD5C857CF56B32C2C05899BFE67CCEAEDE8A7B077E34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136177Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:59.207{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F98AB7607C7FEC768E6EF8E794BDBBE,SHA256=7D49EC30046F334F7CFB345BB3FF57B0E645D56C606DE022A3085E7043781BE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119522Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:00.746{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A29F8A9F0145122A8237471E91DE93D,SHA256=9F6E58A2F56161845CCA201514C639FAE809682EF4093CE46B0602418CCD6663,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136179Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:36:58.536{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64529-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136178Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:00.207{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BCC23A847BDEA1BA25EFED6A0719992A,SHA256=D02690786EDDA6A56B4371C8238547DDB42CAC89985EFD225AF1A048CD5B495B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119523Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:01.762{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BA14CDA1F6B3F26540473B773DD81FC,SHA256=12AD46DFB208E28F981F5FAA48BFEC646B829E74EC4B0F816649BEAFCE5D0D10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136181Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:01.570{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-065MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136180Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:01.209{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94604EA7052A1164290F200C309D1E15,SHA256=FF815CF67899B34C0AA268EE9586FE49D20BB4F4CA1C43C649A5C184988DFBDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119524Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:02.777{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AF7EDD79E6BD2DD5EA5B84BD1F471A1,SHA256=63FE9C86FE6368EE9451A5E0CBC398CAD772AB97EEEC446BE9B4E5E34468A632,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136183Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:02.584{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-066MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136182Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:02.224{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0BAFF2614706C79F21054D29328845AF,SHA256=DAE7605F87516440A2777A5FEFEEE54CE7B1AA23E8F5B5347ADD2AB5D87B0C56,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119525Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:03.793{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=201722F922E548AA96F0F30D81EA6DB5,SHA256=F9ECC10E6E56FA85EA17C7DE5BFA17A5173E9ECDA07C3F760C9353B0854E2985,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136184Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:03.225{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=972B28E34A4F59BA6730E295B3377E4E,SHA256=267925DCD1F65866B9321B1F6B86919E84EBD4467B0BD05BFD5AA7F096EB5CDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119526Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:04.808{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2216CAC7D9FA38A35EC4C985FC1D91F0,SHA256=40D7584B31AEC1DFADCB7E3A63A78D55F21B8ADC65D22391CB73CF74BBA35179,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136185Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:04.241{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=117EB70814E0A65F882BCEF817E7F05F,SHA256=FD0E8DF48A53E14C452AAC1BADDC724A1466321EAFB85A188D7FCCF0BABD03B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119528Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:05.824{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A40B378F8D72366E12D4BE7BD8B4ECB,SHA256=BE527C3C4BDCD0F399CB834A4CA673B4EF94DA5D2E10868C09CC1D9B73E8B2FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136186Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:05.241{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D99F6B2C41298D752A5FB025A19F9064,SHA256=3464991CBD65E1D4170A2612774B1BAA9B99891B2929E3E35E6CE722594BA243,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119527Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:02.771{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50522-false10.0.1.12-8000- 23542300x8000000000000000119529Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:06.839{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49AE992E6FE464BA922D19B698CC5C29,SHA256=0F47D031A922B4C81A5F7021F79615E44DBC7239C1677F645CE38F990B562CCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136187Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:06.257{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=931CE3B22A56B37F91232E0ECB5BB798,SHA256=04D9BE97F8B273256E4B1A89D3FE5672A8317CC52A07F523A2D1F60967ABF3F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119530Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:07.840{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F632D2CF87AAF288DDF47830AE0F1EF,SHA256=6A4E6609065385E5D91A903DBE05756F176E0E855FF898C120B3DFB2F12FC6BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136190Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:07.257{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DDDEB876FB198D9884E2F509BDBD994,SHA256=E453ED705BAF4BD24FE911B71A204E8DC776942978B4EEF3EA8F231B6F8E7F4C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136189Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:04.508{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64530-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136188Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:07.007{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=EF9A880F6A4FC15D541F512D2DE66AE4,SHA256=50EBBDEF25CA0D3F82A0BE3B6C1FB63C946D5C1271E894265FD47E3BE8E83317,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119532Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:08.840{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82CE85C2A33B60D426898042BDF1994E,SHA256=65A39F08AE93E68B4B2308408B8DFDDE3B8237F9E963F39153FB82B69D93650B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136217Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136216Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136215Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136214Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136213Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136212Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136211Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136210Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136209Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136208Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136207Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136206Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136205Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136204Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136203Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136202Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136201Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136200Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136199Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136198Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136197Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136196Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136195Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136194Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136193Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136192Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.632{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000136191Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:08.272{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E058A24A6DC916CCDE96BF962FCE62EF,SHA256=E24C21690D7708AFCEE6C5FB4A22166ABACEDD1356F1A068B873BFE8F6BA4140,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119531Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:08.731{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=5029F81C5BA7D241C1ACC712722B076C,SHA256=A2EECBE8AE132ADF895ECB87B2EEEBA525CF740163EB373B91AAD61A0EA940EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119533Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:09.841{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D8BB39E476BA706BE3671E328260DED,SHA256=DE02333FB84CD0F34C68C2FD0E71A58176B7E894293205B4B80C0BD5BEE542C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136218Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:09.288{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74CF226C9F668323FB057F4D4D72FDB8,SHA256=CA9265B1EB5323B0DDE6F2602D13E2199E84882B76D224C07014361555D96C00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119534Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:10.853{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB040491060C8C060F7D7DFF4D6E9A5F,SHA256=F59879DF5B75567367D0A5242B879144510B8CA6DF4E20E608572686ECF7E846,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136219Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:10.300{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC2378A0748AD4361E8089F6181585CA,SHA256=31AA2F6CCA48D773F39DF64883A69155BC13A27E68EB32DCF54A48A1AD5E4F40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119535Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:11.854{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=519CB25515B888FB6D4EC3745AFD6985,SHA256=F00BB234FDA209FCF48EA961CD63CCE3FAEDB32EDBA529D747FF8C908652E62A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136220Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:11.316{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EAAB980C8A5B015E8AF6FE629DD418DC,SHA256=360CB2EF707ED18D23C1B83B6453F2B9C361C9B824690450A944861FB9295C10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119537Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:12.854{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5031D650D34CCE6F90DD007B36994BA8,SHA256=478C278CAA4F4208BB57215293FA1937A42FC3AAEFF928C744258D743D7B1725,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136221Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:12.332{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B66A9DF632EFE99394F1BC558D3CC56,SHA256=583FBAE1A7D0E8C09622541B44C53B69DB44BB7B2E839DCDBCE5ECEF9E47B710,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119536Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:08.741{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50523-false10.0.1.12-8000- 23542300x8000000000000000119538Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:13.854{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D2084ABAE21D9D9EB1492052CFCB0D0,SHA256=C556BB0B9C624E76CB633516D44DDC8D45F5B72D6A1C129CF4A09C9E0CFB9CAD,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136223Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:10.411{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64531-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136222Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:13.347{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=124099375614FB3FD76038FEA45880F2,SHA256=CE71FCCC337C96A87F773D24BC8C1E08A0F255EFAE85C297020338591DAB66A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119539Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:14.855{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=408E4BDE4F5B475A2424835CBE7C145D,SHA256=047A2F93FBF26B910674C70184912B770EB6E2F740B2784F5961E712CCD18329,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136224Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:14.363{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE0CFDC93F58A93C95F1341C1905787A,SHA256=A24069692C5F5A2D9E775C6E891A5905D62D735ACA6EAA2A2125D74BEC849A35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119540Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:15.855{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=152E73B2ACCAD6EA9BFD38FCD54F2CEE,SHA256=04FC2C6C17F0E85BA43929E30C845BFEB6F3AF9FDBA8AAA60BF16FE8F546E1F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136225Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:15.378{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDB0E46200115A1D2B2F615238C0E6C1,SHA256=EA84D7995E4F142D1282B9D12EA7ABFF02CB73702433148654543D74BE48347E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119542Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:16.856{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C537B1F3447B90C7A7FD723EFF95949,SHA256=6E9EEDA5AE6997DF91EE14F9676970B991D6142CFEBFD83AA6FCF139A44B1BCE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136226Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:16.394{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D3F67DD24115AD5A387349F93C059C41,SHA256=510D5671557CF4C8D142F6D80C3905B63FFCA2748E436B76EE2FB9994653A571,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119541Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:13.771{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50524-false10.0.1.12-8000- 23542300x8000000000000000119543Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:17.856{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F69DAF89E2F3A3D44C224299BF114B9,SHA256=11149A337EF352A3D6944C70939AB5D33EFFA7F58EE5D6FF60D25B9486017CEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136227Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:17.410{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5FB7FBD133CB2474D956BAD9B8F9520,SHA256=210B8E9CCA8881D24A4A021781A66CCCAD340090566579826B25F11CABA59003,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119544Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:18.857{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C22D748DD3FFB4F017C4AAC4E4E3DA3,SHA256=85C5608F3415F45DC281EED9584C62CDD4770B983F1DE9FC75820A7DCB121775,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136230Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:16.411{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64532-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136229Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:18.847{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136228Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:18.425{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDD1E25894DF0F5FCE7BE02498D4CFF9,SHA256=BB850D46F1D78E3AA3B745410A1533D4FE42F8F8A6A841FFF7074630DD2C996A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119545Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:19.857{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE710278447620E816B44DEFF8F4B832,SHA256=F0814F6C202C412E9DAF3FADA6FE4495B0B84FA44B351F6BF9322A7134C520BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136231Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:19.441{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=524683E32151B24F346F56A2598D09BB,SHA256=D698A14F71DCBD8A78FD4A97B6EBA123DE554A9835143E1AB91085B478976245,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119573Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6040-615D-7302-00000000FD01}1768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119572Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119571Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119570Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119569Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119568Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119567Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119566Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119565Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119564Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119563Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6040-615D-7302-00000000FD01}1768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119562Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.951{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6040-615D-7302-00000000FD01}1768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119561Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.952{49C67628-6040-615D-7302-00000000FD01}1768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119560Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.858{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A53E6D6E01F9F1F35EA57525C328F2FC,SHA256=D7D148FA85665FECD03754F87DFD023B53866D94E34F0146A0586C955BBD857A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136232Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:20.441{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D108AFAD637893751EEFD3DDF92DA422,SHA256=0696C839E93BA9F65D9BF97C30BF6573A6C198772C1812FF68945F2C807F43A9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119559Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.420{49C67628-6040-615D-7202-00000000FD01}29482576C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119558Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6040-615D-7202-00000000FD01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119557Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119556Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119555Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119554Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119553Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119552Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119551Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119550Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119549Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119548Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6040-615D-7202-00000000FD01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119547Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.279{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6040-615D-7202-00000000FD01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119546Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:20.280{49C67628-6040-615D-7202-00000000FD01}2948C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119576Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:21.858{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=391344FCF70E127B373EC287BE408BF6,SHA256=067F89C82673A289F0C8CDE945783059335A7263C35BF5B3720292C83C53F81D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136234Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:21.456{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06F8B52FA154166C5485657B7482652F,SHA256=C653A78930CC008C3C746B01977623ACEC089B4E02E0994AEC1E118BFBBFEF18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119575Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:21.498{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=155A366F98614EB899EE119A2B47199A,SHA256=80D6AE6E0CE9940DE35A4DEE35452F1A2B498E310396B1D1DFE3465CF3F9E699,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119574Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:21.498{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=16BA8CDF271ADB70A81447FF8F9A9553,SHA256=DBBCA346C0EE33555D77F4653AFED08E134CF5DBC3983372A5643DAF9E99CA6F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136233Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:18.161{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64533-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000119591Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.858{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8162E24FE4FE0E148BAD0C3A4B7D8076,SHA256=30857E745ABF6EC303370F30EDBE36E966C6E004C08FC18C2EBE4308BC933051,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136235Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:22.472{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F054CBE69CF4C3916C91CB26F0A5F88F,SHA256=08E2E4BA6D9DB3E8E50DBD245E85FE193F633DB2618C992DC4DB6F35A6C6188B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119590Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:19.742{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50525-false10.0.1.12-8000- 10341000x8000000000000000119589Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6042-615D-7402-00000000FD01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119588Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119587Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119586Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119585Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119584Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119583Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119582Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119581Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119580Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119579Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6042-615D-7402-00000000FD01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119578Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.280{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6042-615D-7402-00000000FD01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119577Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:22.281{49C67628-6042-615D-7402-00000000FD01}2312C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119607Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.859{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D34046102A02CD342D25535A4954963,SHA256=FA5F38BEBD42DC60DF2BEC6215D813D4E27B2E489653BDAE021A44D236447376,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136236Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:23.488{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8EFF4788E8627C6060CDF84853EC3B4,SHA256=A827E0A12CAD36BDB32219F0A4A0B163602456304B77AAA1024EAA909D1F267E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119606Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.499{49C67628-6043-615D-7502-00000000FD01}8001116C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119605Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6043-615D-7502-00000000FD01}800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119604Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119603Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119602Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119601Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119600Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119599Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119598Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119597Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119596Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119595Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6043-615D-7502-00000000FD01}800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119594Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6043-615D-7502-00000000FD01}800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119593Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.359{49C67628-6043-615D-7502-00000000FD01}800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119592Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:23.281{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=155A366F98614EB899EE119A2B47199A,SHA256=80D6AE6E0CE9940DE35A4DEE35452F1A2B498E310396B1D1DFE3465CF3F9E699,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119623Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.859{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B50C37FE088D15358AABD2118A59C26B,SHA256=C673E6F9BFE8A38E3A7A40FCB928E1181EE86DF10AB5657E93C49A7F17BC36F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136238Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:24.503{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CAF929953E97AB101369376616B34B50,SHA256=3BAD2A148A3EAAA3AB40D1C40061652BE94290425266B4ED1D6152B93A41AAA1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119622Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.562{49C67628-6044-615D-7602-00000000FD01}136344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119621Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.469{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=ACD5E1071115F2AB42E987E58A2CCC51,SHA256=C4DEE2A9013A57666B5E1D78375E7483629B7B98D147CD5268D93B1B8508533E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119620Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6044-615D-7602-00000000FD01}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119619Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119618Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119617Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119616Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119615Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119614Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119613Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119612Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119611Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119610Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6044-615D-7602-00000000FD01}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119609Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.437{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6044-615D-7602-00000000FD01}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119608Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:24.438{49C67628-6044-615D-7602-00000000FD01}136C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000136237Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:21.411{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64534-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000119638Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.860{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8E09925F31F4270805D399FADAD32F5,SHA256=55F9E83F1F3081F8F724B9890528D909A84FBBF1E94F7C232D1D4FA7D4D1C2DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136239Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:25.519{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D78D977E1678FA8BE336A04BE79A5F39,SHA256=6C73C28702D210BBEDA2E10A8183DDD9A336E6CC14700052B627A64D9665BE18,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119637Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.235{49C67628-6045-615D-7702-00000000FD01}39163868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119636Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6045-615D-7702-00000000FD01}3916C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119635Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119634Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119633Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119632Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119631Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119630Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119629Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119628Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119627Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119626Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6045-615D-7702-00000000FD01}3916C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119625Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6045-615D-7702-00000000FD01}3916C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119624Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.110{49C67628-6045-615D-7702-00000000FD01}3916C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000119653Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6046-615D-7802-00000000FD01}3324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119652Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119651Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119650Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119649Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119648Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119647Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119646Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119645Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119644Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119643Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6046-615D-7802-00000000FD01}3324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119642Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.985{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6046-615D-7802-00000000FD01}3324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119641Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.986{49C67628-6046-615D-7802-00000000FD01}3324C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119640Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.860{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC57BBE6E58CE34938610D1C823EACFA,SHA256=0AA6AB1F5133F27ADECAA9F5526C26D48DC5B95A4410448D6D59A0DAA9160EAC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136240Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:26.535{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BA3A82802DC07624BF1C2662D9DD1F0,SHA256=22C106E58F079EF77AE368388A411DE7E41FF5BC634573E8D13F20A2A5F8C767,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119639Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:26.251{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0504DFC2CC99AA064509B419388A9376,SHA256=AD074B5C445C2A2A3BF61402646E27D5DA3778B32990D24A23AD7D6587681F9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119656Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:27.986{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=EB228A332893D046BD6B5408E5D02267,SHA256=D94D229BE6CDBEEA06868A46E0930A9B3749215A1317BE2771F5562E38D82227,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119655Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:27.861{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7520686ADF5D60F22AE5A72F0698CDB,SHA256=4E68C94AC9848507B82411AD1B5AEF701EF59F84E9CDF193F8FB5854A7C96F83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136241Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:27.550{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FE4E2AFE71FB3B47A04E41A388E28B7,SHA256=4704BADE8B38377568DEDEF37952D79AF56925649983242808B9C7C559292CAF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119654Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:25.682{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50526-false10.0.1.12-8000- 23542300x8000000000000000119657Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:28.861{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23E099895A34BB9CD8524DBF4D5EF2D9,SHA256=80DB9EF5E7C65BE6D4150D00671B33ECFA7F485F58889801D40D1F2B62FC4C42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136242Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:28.550{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50176E24A1E262B79CDC478383E6A69B,SHA256=C3D2AC7347A74B9934E6D5565BC1285DEFA6A62B74141DA7B0905269412E2828,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119658Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:29.862{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA8384B08ED37BDB903321A947AB6981,SHA256=52DC0D2DC11F2BB7807B0A12655BB9F416FA3A91FED78CBB42778FBA50FFD583,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136244Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:29.566{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90AE9031D5E74BE512795DB72B59512B,SHA256=7782993942CF40B67D5433BD4B291CFF85D8119614DD709EE0152EC9A2E86F7B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136243Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:26.582{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64535-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000119659Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:30.874{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D39E9C852608E5DB4CCF9562E3CB56DB,SHA256=E95E515315D357C603D5C670CA9394473DF36D586B26C0B69484561A33A2FD47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136245Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:30.571{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA8A2ADB998EF9B720DBCD9B2A27B1DF,SHA256=CD301B9BE73C39F1952B93F3B561536B5770E312F6F4A881BD5B681121B847F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119660Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:31.875{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=912A8038352F03D9595B025C5ECEFFFA,SHA256=C023243A5ACFECAB02777B499B499F5EB8E5D566C551281A0999AED225236606,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136259Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.587{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14E7916A344C7D61C81D8431DCC0A0DB,SHA256=4A2D3E9CC57F2D05FBA8BC390A4F8157CD5B30B90D741AE37148D71D4FF45BC8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136258Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-604B-615D-9F02-00000000FC01}1900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136257Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136256Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136255Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136254Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136253Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136252Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136251Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136250Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136249Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136248Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-604B-615D-9F02-00000000FC01}1900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136247Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.227{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-604B-615D-9F02-00000000FC01}1900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136246Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:31.228{6EDEAD03-604B-615D-9F02-00000000FC01}1900C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119661Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:32.875{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FD131A5AD70B7F1CE7AEA2C4C674ACE,SHA256=D6421DE4909A025821900D7093D95ED37B3B080FD3A761D5228FCA97E01CD351,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136276Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.649{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C76DD68667003A0A5F1DBCB429380A41,SHA256=B7F00CDC524CF489E6044756235DB9F2710D4AF36264687555359B1C0D2D9CFD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136275Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.352{6EDEAD03-604C-615D-A002-00000000FC01}11604172C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000136274Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.243{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D942CE626C5D184745FE627E846663B6,SHA256=677D0212CA18EC47570F83B97E9AD5A18743168FA8D4B29F89D9A37B4EE4F0B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136273Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.243{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=415F6BE8BA029614EFAC7C66222ED09B,SHA256=19780511647ED5DCDD84FD3D5AF77A3EAB2219015056C80B9B686901C84FC1D4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136272Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-604C-615D-A002-00000000FC01}1160C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136271Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136270Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136265Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136264Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136263Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136262Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-604C-615D-A002-00000000FC01}1160C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136261Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.180{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-604C-615D-A002-00000000FC01}1160C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136260Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.181{6EDEAD03-604C-615D-A002-00000000FC01}1160C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119662Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:33.875{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50AB40978B5D3E8417EE42CD780DEDB8,SHA256=D309C6E0C7F3A1F1ED71256CC66230BA58F367C117BF882E7F215C6AECF9AC32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.680{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E23D0FE7E3B292FCF3DBD258402F7423,SHA256=7208A840F7EFF04A2966E52C2768552760B7EB92DE88260F0F0836BF8957E1D1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-604D-615D-A102-00000000FC01}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-604D-615D-A102-00000000FC01}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136278Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.352{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-604D-615D-A102-00000000FC01}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136277Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:33.353{6EDEAD03-604D-615D-A102-00000000FC01}4276C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119664Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:34.892{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B24677696FD995D7ADB2FCF7A9D7CC55,SHA256=4676D5E3BAB81A7A92D4AB03B58633E80242C612CF3E2AAB68EF775DC7B9DEB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136306Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.696{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0C5410A53F06C6AB64B614049BE654F,SHA256=5975E077240292F74607086854DE968D0F47BDAFFA92753E8A9BE8C3378589BA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119663Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:31.572{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50527-false10.0.1.12-8000- 10341000x8000000000000000136305Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.618{6EDEAD03-604E-615D-A202-00000000FC01}51404004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136304Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-604E-615D-A202-00000000FC01}5140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136303Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136302Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136301Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136300Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136299Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136298Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136297Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136296Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136295Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-604E-615D-A202-00000000FC01}5140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.477{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-604E-615D-A202-00000000FC01}5140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.478{6EDEAD03-604E-615D-A202-00000000FC01}5140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:34.399{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D942CE626C5D184745FE627E846663B6,SHA256=677D0212CA18EC47570F83B97E9AD5A18743168FA8D4B29F89D9A37B4EE4F0B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119665Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:35.906{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58A04CAA99737F728E65C3965B241744,SHA256=4B4B692425FEB44D478F849B510EBEAD8B59365D9235D13106F92071AF855F07,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136338Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-604F-615D-A402-00000000FC01}5736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136337Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136336Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136335Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136334Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136333Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136332Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136331Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136330Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136329Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136328Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-604F-615D-A402-00000000FC01}5736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136327Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.821{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-604F-615D-A402-00000000FC01}5736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136326Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.822{6EDEAD03-604F-615D-A402-00000000FC01}5736C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136325Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.727{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BB38A885451127E327B274C4761F91A,SHA256=6D872DDF3EB899EA8DBB1D1B16740EC6FCB6A69C0F6EDE55BEBC340BBDEB05F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136324Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.618{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6B0A3DD2D20FF95B131F19D7F9CA7652,SHA256=5EC6D2956AB78CE19FEEA914A490A189135D634D3B8AF94398BF4A0204E35318,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136323Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.744{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64537-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000136322Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.744{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64537-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000136321Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:32.478{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64536-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000136320Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.337{6EDEAD03-604F-615D-A302-00000000FC01}11084012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136319Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-604F-615D-A302-00000000FC01}1108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136318Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136317Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136316Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136315Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136314Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136313Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136312Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136311Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136310Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136309Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-604F-615D-A302-00000000FC01}1108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136308Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.149{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-604F-615D-A302-00000000FC01}1108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136307Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:35.150{6EDEAD03-604F-615D-A302-00000000FC01}1108C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119666Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:36.922{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2692A4A61A8F75E35A56D56812F9A9B8,SHA256=AEC0BDA4EB0B139884CE84A14DE0B78B182E101825CE73377AF72F0B5AF67D36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136341Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:36.852{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=40194D3B545574C50A68A57269E4122C,SHA256=5A5DB7F223A21D36D9AD22086FFDF24ED14C13A8DDB367A224A3C9EA9543F1FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136340Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:36.743{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AFF5CB75CA656708230778C8986C0C0,SHA256=86210B0982A774DFC8F4F39947BEF53F1543B68781C93086A0040E976CBF439E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136339Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:36.009{6EDEAD03-604F-615D-A402-00000000FC01}57362212C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119667Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:37.937{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A31B43B5C0D8472F7A81FF6FCEB70123,SHA256=1F0D2C07E3AC99F035412C6A514129B4B0A9DBC8D63CFE7BF69B8B3572FC1139,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136355Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.774{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=901CA12EC7941AF675E5090895CDE9DC,SHA256=7489118AB57B90D076AFBBE88B5E7D439D3CAF50B0EC0A48728A553DEA60C4F2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136354Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6051-615D-A502-00000000FC01}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136353Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136352Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136351Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136350Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136349Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136348Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136347Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136346Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136345Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136344Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6051-615D-A502-00000000FC01}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136343Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.743{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6051-615D-A502-00000000FC01}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136342Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.744{6EDEAD03-6051-615D-A502-00000000FC01}3488C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119668Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:38.953{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=777FE8AF588690997D36129501680DF3,SHA256=D277712DC2A38DC42812BE3DD7E057E31B61A8BDAA3CBE0138F3C4FF6C25ABFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136357Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:38.805{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F6D1CBBB0B40F0D6260A0FE9D520167,SHA256=9A79AA6DB898F1CF7680EBBDA5C1B9CF1348788C4C0972E64DC80AD4DAA6E935,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136356Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:38.774{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FFDD820DCC562F73FF473A91D20EE15E,SHA256=82674D366A4007AC11924D39E409DFE521AFB27F57928FE83BF97CBFE3DE3D42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119670Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:39.968{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2D4BDCD0BDF173FFDB0CB29953D7171,SHA256=F044E7B56016F4D77AEAAC3C8FF9C36EE6442A47D7A460C2AD384A8A0B471D40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136359Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:39.837{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE2B2A32DE3EB36A5959EF885EDA6ED4,SHA256=EFD874D7160FE75F5DC908D4E16D3AD61B0B5F57DBEABB080EA9E4D6B37927ED,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119669Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:37.572{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50528-false10.0.1.12-8000- 354300x8000000000000000136358Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:37.494{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64538-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000119671Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:40.984{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D8778BF9614D50F7D9FF64E4653C801,SHA256=30BD79633D2AF573A9DAA7C4AB8FDEA3B20D5E189F4CBF73B75FFE33B68A7D5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136360Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:40.853{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=775CCB6C33F8F8229E62FC1609D6BBDA,SHA256=76323423BB2605117A814A9A258FC291F1CF3FD1C55D8D6262A9DBA17ED7FB33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136361Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:41.868{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46D79F896C1BA00103CF505A913C2AA5,SHA256=B4DDC44DEF062107CE1032405640E8226B5254907819EAA6F5660B8471F6FC80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136362Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:42.899{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6703826BAC4B7CD123DDD15F2B21914,SHA256=4AF1449C6AD98C5DC0C73A4FE93E030BD21EFA9A1AD3526367F41063FC77DDC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119672Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:41.999{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D60481E450E8A05D6E0D090DD0979C64,SHA256=BD5D530601ED4FC9D82CD612FF5055E28587A5971C71407AAC56EB0129C6C607,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136363Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:43.915{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=639DDCA6A1F9D2E85D400DA40ED7572C,SHA256=7E033B701B20B2B9376426752DD55A0BB10C8583716B15896DDB7DE6D4779662,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119673Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:43.003{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC1732DF922CC30DF8A0D7C69CED15C7,SHA256=54438B64366AB309A135D4AEBB9794EB086F97C52BA08DB6F786F00136FE2883,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136364Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:44.930{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2FD9A75CA381AC334CA81C66BC47DBA4,SHA256=575A9AB7021A8F5BEA320012108538EEDB2CEA960CB2887483AF52B7D09BFBF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119675Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:44.218{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119674Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:44.015{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFE6987C99BD97D9FE988A34AB0D3E5B,SHA256=CD3B0E2FC6F69F047DD5CE85F0D1B19B9DE7E42602E35FACBB0E73A9EADE2BE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136366Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:45.946{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BFE7BDAD7A9C4FADDEA2E3505E80A62,SHA256=38C3EBC2457566B8363FE378E3CC63583ACBD7A3C12AA95317AB325EBBF39E96,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119677Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:42.603{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50529-false10.0.1.12-8000- 23542300x8000000000000000119676Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:45.031{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42595963CE39D51B367B5C0244EDE23C,SHA256=BA3BDF7E6CEEF1E055091E5B713F3392AC65C394655407EB8DB33BCE445799F3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136365Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:43.463{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64539-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136367Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:46.962{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1414B869C44138A8D62687EC2E31403,SHA256=CFC3639A068CB8932BCB92625C8DA0C3D41652BCC96E43366236F7D37F2DFA18,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119679Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:43.728{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50530-false10.0.1.12-8089- 23542300x8000000000000000119678Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:46.046{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=051B5DF0A92785810A0A1507DB936C77,SHA256=19F3B14C820F73B4D7898F9CC64B6E6BDA45052B9FB6F81D33B3D586685FCE82,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119680Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:47.062{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=779AC1CE9DBF5677EA41BABD3B991C4D,SHA256=C5EE8D17DCCC70C957F762AB76740C4041A3710A5E28EABBEE516415CB3CAC55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119681Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:48.077{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BED2DF33F6FEBD2400D6E6B4518A4977,SHA256=134CF6A1D61F1EE80EEDD511BCD0AD117E6957A78CFD4D70297CF9707FE80F34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136368Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:48.009{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F75049CEB905078323614E900EE6D55C,SHA256=322AFDF4837E0460CC34EC3FF23F5394A2B1E6101FA452B01ADD084495005F6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119682Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:49.093{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57F8C3CF61D1055046DDFB6AF148A6AC,SHA256=086812BEEF9FB94AC44FA13F05F9B6CD192744E6E15C44D8DBC955A66FB1D98D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136369Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:49.024{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75E522DE463345DE5590BAD0761A7773,SHA256=B9FC30882F71A25AE2C76959A57688FB969145034FD61FD4367FA77F805D3DE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136370Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:50.055{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71B6E49B35A9F6831086740FCFACB695,SHA256=E57570FAD2C4904DB9526F0176FBA58CE93B767C4AFD8AC6D512A9480104DFA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119683Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:50.104{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7404C7D89859467708ABDA575E68D8B5,SHA256=51A5E92D7CFD03AA60EEAA1BAA29EB329848FD650E5D7987345DD5704981AD42,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119685Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:48.618{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50531-false10.0.1.12-8000- 23542300x8000000000000000119684Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:51.104{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53A309930B2859C6BDC79F105828D78F,SHA256=02A2D2F0D1BC4607DB3F7A5FEC4C8902A9EDCDAF9ECEF45F9FF09C31FA16DFF9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136372Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:49.353{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64540-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136371Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:51.066{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=772369F48D5340586D913BDBBCFF82AD,SHA256=CCA936304191F71E6B6F60288522C9AFD53DDF19618E5E0060CFC40968AA80D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119687Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:52.388{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-066MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119686Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:52.105{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20817C26BA07BDC9D6739C0B80BEAEDB,SHA256=0D9A04B1506C22FDC3CB432CD3681D90E0835A8855394F5B356B9664FF51F80D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136373Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:52.067{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F7D065301604D2A2C24B7259547B071,SHA256=318523EA0DF4D33F4DFA28EC89812BFB1738880400869C2AD12096307B51749B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119689Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:53.402{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-067MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119688Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:53.119{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DC9F62E98FD062F475DD750C6E31EE1,SHA256=E7D8AFD63149B48A2E3368690927D916D804DD278611C3546A55AE1ADF0C95C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136374Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:53.113{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C32D3BB581253C2B6B9C28CA4572BF2A,SHA256=1BDF88DDDBFAE1CE2C14AED5816CD0AC5CABD081A0578E3709ADBA22126D20F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136375Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:54.145{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=023E2ADF577AB1487DB7F277AE2464E4,SHA256=FED6CF9221E246A292FC57A5754C9D037F77FC983269852F78461E9FD4B4D935,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119690Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:54.135{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0F53207FFA1D34E8C0ABF2A46BA91D4,SHA256=ABC90F2D7042EA40E0F3F80763ADA1AA9669621718304D71039EA9DD51902367,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136376Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:55.160{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2DC5AA593BD4C0B94C8BA578F89AFAE,SHA256=E81AD2F40EFD916D2CE362EE3755A66C0ADFF7085346FF907825F5221C5277BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119691Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:55.135{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6FBE246943F99AA408F7E68753082457,SHA256=7EB6E68AC62EE4EB30AC292826C7FD6BE4B2AC094B3DA35B25C6853AA691EE39,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119693Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:54.613{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50532-false10.0.1.12-8000- 23542300x8000000000000000119692Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:56.150{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3F3D2B5C544519D8D9419334FB80F9A,SHA256=7B7BDC8CBD0AD30D3F839A06C11E71A096E9BAAB1BBDD84B1B095BFE79F4D6A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136377Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:56.176{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=662F164E5AB37F07C12D7756CE42D4F0,SHA256=048046EDFDB2D9B78A831EE40A4A46396FB895F8CDAC4E37B72B56BD60AD2B96,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119694Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:57.150{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9571DA0594FBB35F601A9ABCD889CE6A,SHA256=C751E184078B08DB59491EC2C25F886237B5E1EAC19AA7C2D458083598934340,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:54.521{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64541-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:57.191{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57D8143810C21A08055A3231F0C194FF,SHA256=C4D85428E4CC3B4EA56D0FEB9A0E2A7041DBEF9373C8658FE64DD28406596D47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:58.207{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89617EC2050D9E567F0ED5B8AC2AE59D,SHA256=752C64ACA9A9EF3FDA563053C31333068A8DC15B5B49651EA56FBB661633BF6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119695Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:58.166{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF8D513C7EC0C6944315E0017B28EB4D,SHA256=68B2BA7EB8CC42CB14BBD7ED973017391C4D9D6492289F1BDF4BACE53EC46707,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:37:59.270{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0649220231004713FF428C5D38CB2E4E,SHA256=519CD170F2F87C1C339FDAB95EC90DDA2F0E8E18D52A777EDCE139A6E8EC1F26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119696Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:59.181{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89D42DAB94B24AA22457CF30151BB762,SHA256=66E60781B97A4B7E94C8A789392F239399B85EAA375E06B64C6221FBC8783F2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119697Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:00.197{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF215F0083196F1073B5289DA764E2CB,SHA256=F78E647FF86B098D7772CD77616996C4A6DBDF989547A537FE9962FA09133CAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:00.301{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3F9F3ADBB1396956C797427EEFFB481,SHA256=B2225BC5ABDA5A9E2129C78CD6B2B506788A7124EC919319A515AFAFAB3D8B06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119698Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:01.212{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8871367CA2C85BC9FD0331C5B02E2869,SHA256=9A3301425E281640D1E377804EECFAA5315DA396F442AAB9E7751065146BA617,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:01.316{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EDC263D09B217B6DF0B6F43BC7F5F22,SHA256=7E8C8ABD4418123B0760D1C463246AF6D76439520AC2AAE3B588E0A6363B2B6D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:00.474{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64542-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:02.441{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2AE5A8B88AB13FA7CE4BE6998035BCD,SHA256=31C584E42D6DE5AB82E29853633265FD3D16F8BE12AA7CEF7F14F20D0A1C2BCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119700Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:02.228{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1863A40206BB141F7F5C8EFDA9306C96,SHA256=302FE98140D75D7CF2A35548E5276F8F8B02C2CABE8E8CAAB91E1E6682DABD6B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119699Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:37:59.785{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50533-false10.0.1.12-8000- 23542300x8000000000000000136387Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:03.536{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=22B397DB556F6A4DB2C511E9F975C4EF,SHA256=8FEFDE9C33A10C989AC082B71A0B3CFF1D2EC04341D35CF67BB6015F0E59D242,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119701Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:03.244{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=384A419D0E1A5324C44D2A8D2E352263,SHA256=B34DD21E44EEFDA2302137BA67AFFBDC7157FBA8C156DDD435CD447BD8C68214,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136386Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:03.117{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-066MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136389Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:04.582{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B78232B13F32DE25606CCEB1D3F5E1F,SHA256=88CB380036A8EC8963680728FADD0190251AF9F842FF2BB91873CDB61D23C4CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119702Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:04.244{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=057AA7F56FE2384A5C75A689F3F47FAB,SHA256=DF964740A394B36CD7EE593797FADE55719668B2119E31346E0B4C18D65B4F34,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136388Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:04.131{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-067MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136390Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:05.694{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0BE4B84F591482AA43D98D6098E4D5FE,SHA256=11FD23A4B446ABCA94D2EA742B611719A9EE3E2AE8F3C9308254A0E3FF154B14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119703Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:05.259{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=745C64B352BC4162E2EDF772BC56F076,SHA256=DDE42DA2352BDC55F45027DF0A3B83199B203DD0A1967FAB15BF823FD5EA4497,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136391Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:06.756{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=197D780FAEC694FC358E8B31A379096C,SHA256=D125E5741BF0D2F2F7440FDEB96481228402952EEE94CB3EA7B971CF961C273A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119704Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:06.275{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B523D5048D5123BF47CA6388870955CD,SHA256=7A31D2C40A2A63D62BD603175A650BE1D2344F2DB24518535EA982717A37D917,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136393Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:07.819{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91B72858FA9DFD7906F17BCA38B4F1CF,SHA256=9888FA930CFC2751D7F75E8BE05B65EC8AE0269E6C788C7306ED861B040BC8BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119705Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:07.290{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8239E709DEF67E0C929A3B2062570BB2,SHA256=88DFEB67C74ED5470E778FE94D8453CBEDACE4969D7E5E149886285EAD22B16B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136392Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:07.022{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=DDB30D6156BFA8289C66C64E16439C61,SHA256=713F974A02FD14EBA4392094D27FCA9F43D7C32DC2BA2118129C209C814B4EDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:08.850{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5A74360F7C47C473AA6B5C15E7F6928,SHA256=32A5A141659D34C05A556E7A8C385EF68D29C248FED86F24E382CE67EA9E5F68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119708Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:08.743{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=D505FDB1A9BB8DBBB8221DED957401FA,SHA256=B7268173C0C85C31DA61393581EB419729D49B5B3FFC6E3AEC55FC6D5148AF30,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119707Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:05.675{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50534-false10.0.1.12-8000- 23542300x8000000000000000119706Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:08.306{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A12553CA0600401D97C8B8153451066C,SHA256=AC26857B13B5EED06B5218485E5DBD3B99396F9997C1D5DC0CE866937493A8C1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136394Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:06.507{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64543-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:09.881{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F53946E98549AF6E3D3655132774E1C7,SHA256=5F316DF550A1522289A980D9ED8E42499B3E13D8A84C01D6486CCD4D40528AF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119709Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:09.306{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=65AA29C5E59362E3408507766992D375,SHA256=AB42DF3F9B10969D06B280282E26E10BB0DCD521DD0C55C6063A9DAC788382BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:10.912{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6D482A5F470441938DAB41F065CB456,SHA256=DEA169F04C76F6614C8B17C7344AFD1D766EA518F34653C490EBC56DE4AC889E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119710Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:10.308{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20D7AB37B06320B2F214024E3A26DE7E,SHA256=210194D85F49731B4C6FCC1AF73E4A52FC92F806B80249038C0D5F6C144D92A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:11.959{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F7FD49E3CB0E2A619A7C6EB4A480786,SHA256=CC46FD744852E9291410A5B862EDB46DE3FE780892D4B38D6A339BD2809C1933,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119711Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:11.308{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9ACCCF0D41D32607FFAB8998CBEB1F5,SHA256=ACA53464DE2C809804A76886675561024E8F971071518C4767213E8999D25EA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:12.975{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C93336FAA463041C01E55EAA1B7ED032,SHA256=A1CC2D91A0058FE47898128B946E5F937AA8B753523177725AED88814970DBA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119712Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:12.324{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC63FC8C475F30862E5BF8CF8A4C6543,SHA256=3181C4981243BF465F0F80D6001806ED19CE18F7E17E063FCA53544E88CCD1A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119714Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:13.339{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A035AFA8E966DFF9E56543823BE6EC2D,SHA256=39F206799ADB3D2FD73F5EE8D8F067816FFF7ED8659482B0968F2FE3ACA95A58,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119713Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:10.724{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50535-false10.0.1.12-8000- 23542300x8000000000000000119715Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:14.355{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DC9182B4CFFEF876A56C7D1015865E2,SHA256=3AF2CCF281767CD2C96C344885435BE4900FB20C95D5D879F1E373AED843DA84,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:12.397{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64544-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:14.006{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=972B03C79893660B14075CD91055B480,SHA256=AD9EA07CF3476A184EB66F170AF6575FF28AA55744125D01B5D759904E3D9BD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119716Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:15.371{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEEA8C0AB46AB9476D9D1ED60D8129D7,SHA256=237B69500EE2D7CB9FDE3588E7B94E921C888FA815865565CBCE0C76EF9C02A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:15.021{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C068ADFA9606C5DA77A37F2D19D3E5E,SHA256=8806EABEBC36FEC028889E7D36685FC6670B83812BAF6B0B1EC42C8AB265D341,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119717Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:16.386{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=189CB06497EB2C81232AB32C7AE8DB86,SHA256=50B1BE39B4F79487DBACAA0940E1B437723951045AD7F2B24A132E368830AEF1,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000136413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000136412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x003ff71f) 13241300x8000000000000000136411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7ba85-0x1ff3ac7c) 13241300x8000000000000000136410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7ba8d-0x81b8147c) 13241300x8000000000000000136409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7ba95-0xe37c7c7c) 13241300x8000000000000000136408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000136407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x003ff71f) 13241300x8000000000000000136406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7ba85-0x1ff3ac7c) 13241300x8000000000000000136405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7ba8d-0x81b8147c) 13241300x8000000000000000136404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:16.990{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7ba95-0xe37c7c7c) 23542300x8000000000000000136403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:16.115{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B031AF64C5031A978051A1F82B592DB2,SHA256=1194735589A836C1618722DFD7BB3B812FF483CFB451A494619424F987934AF9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119718Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:17.402{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=122BDB6048CE936B51DD1D9F0B484353,SHA256=BF686C28794BB4DB5003C5B71BB0AEC4382AD715975118D191C1045F8459CE48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:17.131{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41DCEA96759FF7F4F6F54616698F4F08,SHA256=5715E03D36741F3EB822302B88697D1ED42FB848C1662E3DCD1856266E38FA33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:18.865{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:18.146{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED65C8671035379FD60B774CED5EADF1,SHA256=222BBF8EF8D4A36D855480367701FDDA4D8E8859197A4E34349961A5B71F6C90,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119719Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:18.417{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0510FE01DAC4F1CFC4712E45B5A57907,SHA256=220C14C86D82B9FBA4BABF2BEC24A8C6DDF1AE0F4C9261ACB3C97572992C690C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119721Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:16.771{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50536-false10.0.1.12-8000- 23542300x8000000000000000119720Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:19.433{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1A8E1AB034888B97D5E74EE9223B5E7,SHA256=257C8FC6B5546318AA316F054C456A925FA79F13C03C7628AD5334A903706DC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:19.162{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=209864515AA53BE903084BD9EA60915D,SHA256=40E53E6B9F3F9B852D4624CD99D302341C60D3A73D5405D9EA2A0BF8D5FEB175,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119749Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-607C-615D-7A02-00000000FD01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119748Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119747Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119746Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119745Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119744Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119743Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119742Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119741Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119740Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119739Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-607C-615D-7A02-00000000FD01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119738Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.948{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-607C-615D-7A02-00000000FD01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119737Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.949{49C67628-607C-615D-7A02-00000000FD01}2440C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000119736Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.448{49C67628-607C-615D-7902-00000000FD01}28684008C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119735Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.448{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6AC57169A1133924B0BCFD1EA847B5D3,SHA256=91536D21C37B7BD8F70889129F8C6E1E58A742F57104E9719F9F9BF6CFAE4A05,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000136420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:18.397{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64546-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000136419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:18.179{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64545-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000136418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:20.178{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C05D9AD897046F90B0CB27C19A3F23BF,SHA256=1325DADA2FAEA43A58C17CF530E4B45EFF30728C96E20D480DE878BBDEEBBACA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119734Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-607C-615D-7902-00000000FD01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119733Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119732Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119731Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119730Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119729Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119728Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119727Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119726Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119725Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119724Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-607C-615D-7902-00000000FD01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119723Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.276{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-607C-615D-7902-00000000FD01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119722Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:20.277{49C67628-607C-615D-7902-00000000FD01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119752Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:21.464{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E50F09E665A28E9390CA953EB992D2FE,SHA256=1C46EBA0F499B00D5C070285A9FE0245091683E1173731FE99356E68ACD1C633,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:21.193{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83575230AF7518533858D29B662D1B8A,SHA256=8C4D872B0FBF55AFE5F633909A6A3EEBB9EE62FEFB2576C6D80887A545DFF586,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119751Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:21.308{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=37559A5C91F12B67452EF7387538DBB1,SHA256=345B0E73C6D5A31EAD1A1139D9449B655AB2A33F47FF05FD9727CA733F54B294,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119750Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:21.308{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6AEEB6021BA2100CAD6609BA64FEB289,SHA256=3735D3D8D3C9638000DD63B8C81281D2E7559D4D94EE76451D567518692E841E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:22.209{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40F85D5496B92729325BA7ABB316528A,SHA256=CFD0162EFD8DB4A80EB156EBECEB6386EF540F21B6233BC8F3A3E5850C1C63B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119766Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.480{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD8F5BD36DD98A303CE8304CB95E3589,SHA256=5AC0BD49538EC4F545C6DF633DAF21E129F4CD16C72765C5BB531871BBA3AEF0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119765Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-607E-615D-7B02-00000000FD01}2628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119764Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119763Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119762Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119761Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119760Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119759Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119758Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119757Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119756Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119755Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-607E-615D-7B02-00000000FD01}2628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119754Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.276{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-607E-615D-7B02-00000000FD01}2628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119753Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.277{49C67628-607E-615D-7B02-00000000FD01}2628C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000119782Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.511{49C67628-607F-615D-7C02-00000000FD01}6763244C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119781Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.495{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9640E4876DD639A41C84F3BB443437E8,SHA256=5C4E6F42EF100B9F84A92AD602702354DFD52EA6A959AE1B7C05F00BF01CEBA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119780Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.495{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=37559A5C91F12B67452EF7387538DBB1,SHA256=345B0E73C6D5A31EAD1A1139D9449B655AB2A33F47FF05FD9727CA733F54B294,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:23.209{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78CC553421EB49E6A0BB3D0B37CF7A7A,SHA256=26E341E15E67DEB6E9C53FE0A0A0202B2CCAF1FE9BB416CBC241EA25A02DA273,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119779Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-607F-615D-7C02-00000000FD01}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119778Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119777Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119776Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119775Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119774Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119773Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119772Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119771Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119770Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119769Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-607F-615D-7C02-00000000FD01}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119768Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.370{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-607F-615D-7C02-00000000FD01}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119767Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:23.371{49C67628-607F-615D-7C02-00000000FD01}676C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000119797Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.558{49C67628-6080-615D-7D02-00000000FD01}26002560C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119796Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.511{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB5EBA1385A9E355280471D2382A32B6,SHA256=A8CDEAFC9E9E9F8A936D5E179300D5009B77F14E99715DCE15CF8B9EEF38CA20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:24.224{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6B6B09EF87A88538CB954E2E6B36B00,SHA256=F669AA85E7C9A68E50FD68A334ABEC2D8D706B34891695ED3C7DE474441AB9AF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119795Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6080-615D-7D02-00000000FD01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119794Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119793Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119792Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119791Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119790Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119789Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119788Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119787Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119786Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119785Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6080-615D-7D02-00000000FD01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119784Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.432{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6080-615D-7D02-00000000FD01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119783Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:24.433{49C67628-6080-615D-7D02-00000000FD01}2600C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119814Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.526{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41D6C0B0AF227394D11AD5F319503696,SHA256=43A849137D1239D1F6E6B5F7B87EC7AFBD25B5D753370FAEDF1C726F3473E9F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119813Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.526{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86090174085BDEA621AFF6517D806C73,SHA256=5A6B7397F958DEAF534CF22B50211E1081CB23C926954967E57F2ECEA5BEF50C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:25.224{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40BBC4E51E0E8E3A30F9944B2DF6D874,SHA256=D35E02CA7E4A4A8D608F5B635A862E2B4AB428D05E31F6C941E63D0D8540C8CD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119812Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.245{49C67628-6081-615D-7E02-00000000FD01}908372C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000119811Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:22.598{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50537-false10.0.1.12-8000- 10341000x8000000000000000119810Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6081-615D-7E02-00000000FD01}908C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119809Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119808Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119807Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119806Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119805Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119804Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119803Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119802Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119801Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119800Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6081-615D-7E02-00000000FD01}908C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119799Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.104{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6081-615D-7E02-00000000FD01}908C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119798Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:25.105{49C67628-6081-615D-7E02-00000000FD01}908C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000136427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:23.522{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64547-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:26.240{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4F55E9A93BCACDD25D6D74815C95A59,SHA256=2E010A50EC7BB91ABE526549B947DF4A9B093A315A4F10984AC33FD3B00AD58D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119828Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6082-615D-7F02-00000000FD01}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119827Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119826Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119825Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119824Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119823Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119822Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119821Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119820Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119819Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119818Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6082-615D-7F02-00000000FD01}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119817Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.979{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6082-615D-7F02-00000000FD01}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119816Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.980{49C67628-6082-615D-7F02-00000000FD01}3684C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119815Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:26.542{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB389CDA6D5B3BAA9F1C8A284C3942C0,SHA256=4650EDEFAB00D24B91BCBCAD47F8E370D98D740C2B6C8A1FFD7543DFC4D27AD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119829Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:27.557{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B11263F83EA13F7FEDD7F2C1F598EA8,SHA256=601325F2518191923AD80AC14C5C0EC54C27A5655776900C7546CC883C903F62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:27.240{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=327D2B588F9257F92ED61A83FD5FA43C,SHA256=5CA095808E9BCB6D76D914853238E1E7A8914046AC39184A1524256BAEC50A76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119831Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:28.573{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3724BAE7FDF636BD248F7EE5D83076A5,SHA256=FD4CA73055EC9B0695ADD5F61F80EA486DA609706B14F61C7B9BF6DA4AC676F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:28.240{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89FDA4776C5399F91BCC21C165DC1985,SHA256=14CCBF8A5818EB31352E035C2D92F4D703A73914607E1552D96017F092D2B04D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119830Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:28.042{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7278BC51883CAB33742C2B582FDF0135,SHA256=235B7F322C4C4E1526FCD9BB2A1E413A55DABE5065C1165DF82F35968BA2D22C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119833Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:27.708{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50538-false10.0.1.12-8000- 23542300x8000000000000000119832Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:29.588{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=523328BB1C0F32F4C78DB128261B5F62,SHA256=0607FA2DAB2E79BC0F9CE54CD5168A82AC3DDAC43B043AE100F93B24D89D490F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:29.256{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6EFDCC2A395F897F4E353D60A1F5D85,SHA256=86B484807B3B7A07D1254D29E4ED224E598C6480B4B9CDB1CF42597ADAA388CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119834Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:30.598{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D2B5FC67A57E11209A5AAABE064DC4D,SHA256=8BFCF40733F6EC1EB0791847072594A79CD88D4ABC9E9BC223A907F72D23DD0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:30.264{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=926CA05CE338C9F8B1A80887C82E2D02,SHA256=427E59BDF6FFBBD5177E6597FF8DF357645C67E12143289F5DE3C269620EB30B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119835Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:31.614{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14FFE82D40D7F85500114C847EE7E34F,SHA256=EB95A00D27154FBF256C061F49D8BE18B1B36A66B304D7314980F8BD392DEBC4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136605Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.968{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136604Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.968{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.968{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.968{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000136601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.968{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24A27FCB6A62D2AC8BC55B5DA081F5FF,SHA256=10604A52122A2001117A2ACDD343808A84B16133E0CD38B071B466CB52E121DA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.952{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1700-00000000FC01}1448C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6a63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136599Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.952{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+6260e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136598Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.952{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+625bd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000136597Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:31.952{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136596Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.952{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+157b1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136595Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.952{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+1f3a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136594Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.952{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1439d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000136593Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:31.936{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 18141800x8000000000000000136592Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136591Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+6260e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136590Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+625bd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000136589Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 17141700x8000000000000000136588Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136587Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136586Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136585Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2600-00000000FC01}2796C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136584Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136583Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136582Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.905{6EDEAD03-5041-615D-0F00-00000000FC01}1045684C:\Windows\System32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\termsrv.dll+a1087|c:\windows\system32\termsrv.dll+6a73d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136581Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136580Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136579Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136578Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136577Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136576Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-1600-00000000FC01}12921916C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x147aC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\themeservice.dll+3de3|c:\windows\system32\themeservice.dll+26c0|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136575Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136574Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136573Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136572Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136571Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136570Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136569Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+396a|c:\windows\system32\SYSNTFY.dll+1fc3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49e78|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136568Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+48674|C:\Windows\System32\RPCRT4.dll+31850|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136567Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+48674|C:\Windows\System32\RPCRT4.dll+31850|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136566Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.889{6EDEAD03-5041-615D-1600-00000000FC01}12921916C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+48674|C:\Windows\System32\RPCRT4.dll+31850|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000136565Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:29.350{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64548-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000136564Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.827{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14A9AEF309DC80A708A187BE5B68FE8B,SHA256=6A57329C958F30CB20CC24B059D7E5BC229641E6AB1170092BBC8FDB114C1C93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136563Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.780{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=3DD8E6D1F032F4ABD4E9265E2B5B0480,SHA256=C8B1EC6486F168D25DA6FD189F3B3C4160FC805068C985C44F91AE21A8F82244,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136562Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.780{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B621057F00F8DCCBE196398D66BE784C,SHA256=CC43CA26B286BA7A5DA92B2017892BEFF87CC3284BDDCBB0E01F84525345F4D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136561Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.764{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=C919154E373630B84F7AA2402FF3FDAA,SHA256=BC4D53E8EF966D19FA82C056A1C7588D5C6F9EEC19FDF149A20C371C62F531B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136560Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.686{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136559Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.686{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.670{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.608{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.561{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.561{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.561{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.561{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.561{6EDEAD03-5041-615D-1600-00000000FC01}12921916C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.561{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.514{6EDEAD03-6087-615D-AA02-00000000FC01}52765336C:\Windows\system32\LogonUI.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\logoncontroller.dll+2eef5|C:\Windows\System32\RPCRT4.dll+48674|C:\Windows\System32\RPCRT4.dll+31850|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136540Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-6087-615D-A702-00000000FC01}45206072C:\Windows\system32\csrss.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-6087-615D-A802-00000000FC01}26801264C:\Windows\system32\winlogon.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\SYSTEM32\dwminit.dll+2d11|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.506{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\System32\dwm.exe10.0.14393.0 (rs1_release.160715-1616)Desktop Window ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationdwm.exe"dwm.exe"C:\Windows\system32\Window Manager\DWM-3{6EDEAD03-6087-615D-0575-1D0000000000}0x1d75053SystemMD5=C89F159A577F19F7F03C73C98D29D841,SHA256=B3E37997C1C62DD90D69EF83D6A6FC782BF9A5B8AD04A0D1528A8B7FA31AA408,IMPHASH=DDB7DE3741333EE031929A760FCD4542{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\System32\winlogon.exewinlogon.exe 10341000x8000000000000000136531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d7e|C:\Windows\system32\lsasrv.dll+1d1c8|C:\Windows\system32\lsasrv.dll+1c3f1|C:\Windows\system32\lsasrv.dll+1b140|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d7e|C:\Windows\system32\lsasrv.dll+1d1c8|C:\Windows\system32\lsasrv.dll+1c3f1|C:\Windows\system32\lsasrv.dll+1ac10|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.498{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d7e|C:\Windows\system32\lsasrv.dll+195f6|C:\Windows\system32\lsasrv.dll+1ab9f|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.467{6EDEAD03-5041-615D-1600-00000000FC01}12921916C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.467{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.452{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.452{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136523Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-6087-615D-A702-00000000FC01}45205264C:\Windows\system32\csrss.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-6087-615D-A802-00000000FC01}26806108C:\Windows\system32\winlogon.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\winlogon.exe+193b7|C:\Windows\system32\winlogon.exe+22617|C:\Windows\system32\winlogon.exe+2b287|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.439{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\System32\LogonUI.exe10.0.14393.0 (rs1_release.160715-1616)Windows Logon User Interface HostMicrosoft® Windows® Operating SystemMicrosoft Corporationlogonui.exe"LogonUI.exe" /flags:0x2 /state0:0xa3a0f855 /state1:0x41c64e6dC:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e73SystemMD5=B38DFCF985D8AE5B1A17C264981E61C7,SHA256=AA62D29803D52EC06CD27ED3124E034048F09606EB7342181913C9817C7B44C5,IMPHASH=A6F3A84D171E55B51A7343E05C8DFAC3{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\System32\winlogon.exewinlogon.exe 10341000x8000000000000000136511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a16d|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136510Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136509Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.436{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136508Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.420{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136507Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.420{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136506Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.420{6EDEAD03-5041-615D-1600-00000000FC01}12921916C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136505Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.405{6EDEAD03-5041-615D-1600-00000000FC01}12921916C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+4689|c:\windows\system32\themeservice.dll+3fdd|c:\windows\system32\themeservice.dll+3c53|c:\windows\system32\themeservice.dll+2675|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136504Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.405{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.389{6EDEAD03-5041-615D-1600-00000000FC01}12921916C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x147aC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\themeservice.dll+3de3|c:\windows\system32\themeservice.dll+26c0|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.389{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.295{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.295{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.295{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.295{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.295{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.295{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.295{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.280{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.265{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.248{6EDEAD03-6087-615D-A702-00000000FC01}45205260C:\Windows\system32\csrss.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\winsrv.DLL+1ef0|C:\Windows\system32\winsrv.DLL+17e9|C:\Windows\system32\winsrv.DLL+1579|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.233{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6087-615D-A902-00000000FC01}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.233{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6087-615D-A902-00000000FC01}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.233{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6087-615D-A902-00000000FC01}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.234{6EDEAD03-6087-615D-A902-00000000FC01}1560C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 13241300x8000000000000000136487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000002) 13241300x8000000000000000136486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000002) 13241300x8000000000000000136485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Mouse0 13241300x8000000000000000136484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000002) 13241300x8000000000000000136483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000002) 13241300x8000000000000000136482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Mouse0 13241300x8000000000000000136481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000002) 13241300x8000000000000000136480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000002) 13241300x8000000000000000136479Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Keyboard0 13241300x8000000000000000136478Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x8000000000000000136477Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 13241300x8000000000000000136476Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:31.217{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\0TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session3Keyboard0 10341000x8000000000000000136475Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.217{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+2387f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136474Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.217{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+2380c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136473Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.217{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+237c4|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A702-00000000FC01}4520C:\Windows\system32\csrss.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+1ac1c|c:\windows\system32\lsm.dll+22cc9|c:\windows\system32\lsm.dll+bcaf|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000136461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+1abf6|c:\windows\system32\lsm.dll+22cc9|c:\windows\system32\lsm.dll+bcaf|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000136460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+1abdc|c:\windows\system32\lsm.dll+22cc9|c:\windows\system32\lsm.dll+bcaf|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000136459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.202{6EDEAD03-6087-615D-A602-00000000FC01}55566092C:\Windows\System32\smss.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\SYSTEM32\ntdll.dll+8c63e|C:\Windows\SYSTEM32\ntdll.dll+8c3e9|\SystemRoot\System32\smss.exe+2795|\SystemRoot\System32\smss.exe+2042|\SystemRoot\System32\smss.exe+1d5e|\SystemRoot\System32\smss.exe+1b09|\SystemRoot\System32\smss.exe+14cb|\SystemRoot\System32\smss.exe+130f|\SystemRoot\System32\smss.exe+1096|C:\Windows\SYSTEM32\ntdll.dll+5178f 154100x8000000000000000136458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.188{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\System32\winlogon.exe10.0.14393.3204 (rs1_release.190830-1500)Windows Logon ApplicationMicrosoft® Windows® Operating SystemMicrosoft CorporationWINLOGON.EXEwinlogon.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e73SystemMD5=DEA4CE12F24601830083126E18A2C7C9,SHA256=F002F8C2EA49D21F242996E3D57F5FDD7995FE6DB524BB69BBD7F190CC0211A9,IMPHASH=3CF10D94C117DB4F6E9D523B93429D6D{6EDEAD03-6087-615D-A602-00000000FC01}5556C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000013c 0000007c 10341000x8000000000000000136457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.186{6EDEAD03-5024-615D-0200-00000000FC01}2964852C:\Windows\System32\smss.exe{6EDEAD03-6087-615D-A702-00000000FC01}4520C:\Windows\system32\csrss.exe0x101441C:\Windows\SYSTEM32\ntdll.dll+a6cc4|\SystemRoot\System32\smss.exe+3fee|\SystemRoot\System32\smss.exe+3b53|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.170{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A702-00000000FC01}4520C:\Windows\system32\csrss.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eacf|c:\windows\system32\lsm.dll+1a7a4|c:\windows\system32\lsm.dll+1aa31|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136449Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136448Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136447Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136446Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-6087-615D-A602-00000000FC01}55566092C:\Windows\System32\smss.exe{6EDEAD03-6087-615D-A702-00000000FC01}4520C:\Windows\system32\csrss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\SYSTEM32\ntdll.dll+8c63e|C:\Windows\SYSTEM32\ntdll.dll+8c3e9|\SystemRoot\System32\smss.exe+2795|\SystemRoot\System32\smss.exe+1ee4|\SystemRoot\System32\smss.exe+20a1|\SystemRoot\System32\smss.exe+1c92|\SystemRoot\System32\smss.exe+1af6|\SystemRoot\System32\smss.exe+14cb|\SystemRoot\System32\smss.exe+130f|\SystemRoot\System32\smss.exe+1096|C:\Windows\SYSTEM32\ntdll.dll+5178f 154100x8000000000000000136445Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.163{6EDEAD03-6087-615D-A702-00000000FC01}4520C:\Windows\System32\csrss.exe10.0.14393.2969 (rs1_release.190503-1820)Client Server Runtime ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationCSRSS.Exe%%SystemRoot%%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e73SystemMD5=955E9227AA30A08B7465C109B863B886,SHA256=D896480BC8523FAD3AE152C81A2B572022C3778A34A6D85E089D150A68E9165E,IMPHASH=273BC9D936389D79244E6E56BE5096B6{6EDEAD03-6087-615D-A602-00000000FC01}5556C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 0000013c 0000007c 10341000x8000000000000000136444Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-1300-00000000FC01}9321936C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136443Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5024-615D-0200-00000000FC01}2964852C:\Windows\System32\smss.exe{6EDEAD03-6087-615D-A602-00000000FC01}5556C:\Windows\System32\smss.exe0x101441C:\Windows\SYSTEM32\ntdll.dll+a6cc4|\SystemRoot\System32\smss.exe+3fee|\SystemRoot\System32\smss.exe+3b53|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136442Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.155{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136441Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136440Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136439Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.139{6EDEAD03-5024-615D-0200-00000000FC01}296304C:\Windows\System32\smss.exe{6EDEAD03-6087-615D-A602-00000000FC01}5556C:\Windows\System32\smss.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\SYSTEM32\ntdll.dll+8c63e|C:\Windows\SYSTEM32\ntdll.dll+8c3e9|\SystemRoot\System32\smss.exe+2795|\SystemRoot\System32\smss.exe+2042|\SystemRoot\System32\smss.exe+36ee|\SystemRoot\System32\smss.exe+3c31|C:\Windows\SYSTEM32\ntdll.dll+1d3f1|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\SYSTEM32\ntdll.dll+5178f 154100x8000000000000000136432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:31.152{6EDEAD03-6087-615D-A602-00000000FC01}5556C:\Windows\System32\smss.exe10.0.14393.2969 (rs1_release.190503-1820)Windows Session ManagerMicrosoft® Windows® Operating SystemMicrosoft Corporationsmss.exe\SystemRoot\System32\smss.exe 0000013c 0000007c C:\Windows\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e73SystemMD5=725EC50D4B0F607BF5B45B5E0115770B,SHA256=56881BCAEAC350107A6453F38F020FE0E284DBE2E8A6F37ED482985E0DD98EA7,IMPHASH=09DDECA5943933973FE7DDDD24ED724A{6EDEAD03-5024-615D-0200-00000000FC01}296C:\Windows\System32\smss.exe\SystemRoot\System32\smss.exe 23542300x8000000000000000119836Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:32.630{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5BF3ADACEFF983A5BAEA0E7A5D6FF92,SHA256=F32A05FCFE8A1916A0856609DD5CE1A67BC1D0F209CE1E76981BF695CC7C31AA,IMPHASH=00000000000000000000000000000000falsetrue 18141800x8000000000000000136852Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.983{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 18141800x8000000000000000136851Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.983{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136850Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.967{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-538E-615D-FE00-00000000FC01}2316C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136849Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.967{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-538E-615D-FE00-00000000FC01}2316C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136848Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.967{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136847Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.967{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136846Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.967{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136845Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.967{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136844Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.967{6EDEAD03-538E-615D-FD00-00000000FC01}1001332C:\Windows\system32\csrss.exe{6EDEAD03-6088-615D-AF02-00000000FC01}5816C:\Windows\system32\atbroker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136843Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.967{6EDEAD03-538E-615D-FE00-00000000FC01}2316340C:\Windows\system32\winlogon.exe{6EDEAD03-6088-615D-AF02-00000000FC01}5816C:\Windows\system32\atbroker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\winlogon.exe+15b13|C:\Windows\system32\winlogon.exe+3b284|C:\Windows\system32\winlogon.exe+38b7a|C:\Windows\system32\winlogon.exe+44b92|C:\Windows\system32\winlogon.exe+b12f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136842Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.969{6EDEAD03-6088-615D-AF02-00000000FC01}5816C:\Windows\System32\AtBroker.exe10.0.14393.0 (rs1_release.160715-1616)Windows Assistive Technology ManagerMicrosoft® Windows® Operating SystemMicrosoft CorporationATBroker.exeatbroker.exeC:\Windows\system32\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372HighMD5=8507D8A98EFA12F285A504DAEF14A0A5,SHA256=A84417EE9D039891AF43B267896DB921A40838D8A17CC1BE29785D031E5944D4,IMPHASH=9E9F046950193A8BA7AB446E4274C9D6{6EDEAD03-538E-615D-FE00-00000000FC01}2316C:\Windows\System32\winlogon.exewinlogon.exe 10341000x8000000000000000136841Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.952{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136840Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.952{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+2b2a|c:\windows\system32\SYSNTFY.dll+15cd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49e78|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136839Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.952{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\SYSNTFY.dll+1ad9|C:\Windows\System32\RPCRT4.dll+48674|C:\Windows\System32\RPCRT4.dll+31850|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136838Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.952{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136837Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.952{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+6260e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136836Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.952{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+625bd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000136835Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.952{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136834Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136833Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000136832Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136831Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136830Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136829Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136828Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136827Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136826Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136825Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136824Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136823Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136822Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136821Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136820Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136819Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136818Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136817Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|c:\windows\system32\lsm.dll+23fc9|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+82744|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136816Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136815Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136814Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23fc1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+82744|C:\Windows\SYSTEM32\ntdll.dll+1e892|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136813Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136812Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284500C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136811Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-538E-615D-FD00-00000000FC01}1001332C:\Windows\system32\csrss.exe{6EDEAD03-6088-615D-AE02-00000000FC01}5648C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136810Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136809Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|c:\windows\system32\lsm.dll+23fc9|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136808Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136807Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23fc1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136806Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+5b40|c:\windows\system32\lsm.dll+2de4|c:\windows\system32\lsm.dll+57af|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000136805Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136804Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.936{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+2dce|c:\windows\system32\lsm.dll+57af|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136803Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136802Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+5b40|c:\windows\system32\lsm.dll+5f9d|c:\windows\system32\lsm.dll+57a4|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136801Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000136800Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136799Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136798Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136797Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136796Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+6260e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136795Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+625bd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000136794Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 17141700x8000000000000000136793Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136792Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136791Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136790Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136789Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136788Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136787Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136786Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6088-615D-AE02-00000000FC01}5648C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136785Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136784Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0F00-00000000FC01}104844C:\Windows\System32\svchost.exe{6EDEAD03-6088-615D-AE02-00000000FC01}5648C:\Windows\System32\rdpclip.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\termsrv.dll+47f71|c:\windows\system32\termsrv.dll+549f2|c:\windows\system32\termsrv.dll+22ee6|c:\windows\system32\termsrv.dll+22763|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 154100x8000000000000000136783Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.927{6EDEAD03-6088-615D-AE02-00000000FC01}5648C:\Windows\System32\rdpclip.exe10.0.14393.3503 (rs1_release.200131-0410)RDP Clipboard MonitorMicrosoft® Windows® Operating SystemMicrosoft Corporationrdpclip.exerdpclipC:\Windows\system32\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372HighMD5=D887E718FB0F4C99B9F01C5BD59F8B90,SHA256=ACFA1128B4EDD953F6364FA6216337A59C0522A01349263A11259A827838A56F,IMPHASH=5A464814303942D42A66B561CF697F26{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k termsvcs 10341000x8000000000000000136782Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2600-00000000FC01}2796C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6668|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136781Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136780Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136779Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136778Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136777Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136776Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136775Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2600-00000000FC01}2796C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136774Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136773Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136772Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136771Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136770Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136769Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136768Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136767Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136766Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136765Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136764Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136763Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136762Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136761Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136760Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136759Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+157b1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136758Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23e0b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136757Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1439d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136756Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136755Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136754Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136753Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136752Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136751Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136750Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136749Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136748Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136747Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136746Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136745Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.920{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 354300x8000000000000000136744Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:30.274{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse93.104.65.47ppp-93-104-65-47.dynamic.mnet-online.de50324-false10.0.1.14win-dc-676.attackrange.local3389ms-wbt-server 10341000x8000000000000000136743Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.811{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136742Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.811{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136741Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.811{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-538F-615D-0001-00000000FC01}1124C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136740Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.811{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-538F-615D-0001-00000000FC01}1124C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136739Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.811{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-538F-615D-0001-00000000FC01}1124C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136738Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.811{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-538F-615D-0001-00000000FC01}1124C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000136737Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.795{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 17141700x8000000000000000136736Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:38:32.795{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136735Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.795{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+b4ff|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136734Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.780{6EDEAD03-538E-615D-FD00-00000000FC01}1002636C:\Windows\system32\csrss.exe{6EDEAD03-5041-615D-0C00-00000000FC01}828C:\Windows\system32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\winsrv.DLL+7de7|C:\Windows\system32\winsrv.DLL+17e9|C:\Windows\system32\winsrv.DLL+1579|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136733Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.780{6EDEAD03-538E-615D-FD00-00000000FC01}1002636C:\Windows\system32\csrss.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\winsrv.DLL+1ef0|C:\Windows\system32\winsrv.DLL+17e9|C:\Windows\system32\winsrv.DLL+1579|C:\Windows\SYSTEM32\ntdll.dll+5178f 13241300x8000000000000000136732Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.780{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000002) 13241300x8000000000000000136731Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.780{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000002) 13241300x8000000000000000136730Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.780{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Mouse0 13241300x8000000000000000136729Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.780{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000002) 13241300x8000000000000000136728Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.780{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000002) 13241300x8000000000000000136727Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.780{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Mouse0 13241300x8000000000000000136726Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.764{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000002) 13241300x8000000000000000136725Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.764{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000002) 13241300x8000000000000000136724Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.764{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\1TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Keyboard0 13241300x8000000000000000136723Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.764{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x8000000000000000136722Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.764{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 13241300x8000000000000000136721Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.764{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\0TERMINPUT_BUS\UMB\2&2c22bcc9&0&Session2Keyboard0 23542300x8000000000000000136720Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.764{6EDEAD03-5391-615D-0E01-00000000FC01}4800ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpgMD5=F6E469F8D6D5E6E8737F10BB278D83E5,SHA256=7749E98AA4232E8D94207832919AE91F8506774D9DD1FAD6B735A3D450608A2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136719Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.764{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD1EA3309F2F413D0C783171C5A2232E,SHA256=717B3846CECD408BD7A49B4C80E390D5F2D4E81F5556C799C324F9862066D885,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136718Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.748{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-538E-615D-FE00-00000000FC01}2316C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136717Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.748{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-538E-615D-FE00-00000000FC01}2316C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136716Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.748{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\system32\TSTheme.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136715Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-1600-00000000FC01}12921916C:\Windows\system32\svchost.exe{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\system32\TSTheme.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136714Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\system32\TSTheme.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136713Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-538E-615D-FD00-00000000FC01}1004524C:\Windows\system32\csrss.exe{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\system32\TSTheme.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136712Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136711Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136710Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136709Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136708Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136707Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136706Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136705Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136704Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1700-00000000FC01}1448C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6a63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136703Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136702Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\system32\TSTheme.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136701Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136700Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\system32\TSTheme.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+37172|c:\windows\system32\rpcss.dll+3df8d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136699Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.737{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\System32\TSTheme.exe10.0.14393.4169 (rs1_release.210107-1130)TSTheme Server ModuleMicrosoft® Windows® Operating SystemMicrosoft CorporationTSThemeS.exeC:\Windows\system32\TSTheme.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372HighMD5=D5E6B1DA9AEE1CC85A50894A07700B98,SHA256=3A22AAA677B8B658386F6A22ECFB36795DC1BE55AED591FEAA05CA8D36973464,IMPHASH=851EBF0BAEED8A212E02B93229FDC674{6EDEAD03-5041-615D-0C00-00000000FC01}828C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x8000000000000000136698Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136697Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136696Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136695Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136694Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136693Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136692Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136691Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136690Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136689Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8283580C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136688Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136687Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.733{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000136686Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.670{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\NextInstanceDWORD (0x00000001) 13241300x8000000000000000136685Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.670{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\CountDWORD (0x00000001) 12241200x8000000000000000136684Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-DeleteValue2021-10-06 08:38:32.670{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\kbdclass\Enum\1 13241300x8000000000000000136683Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.670{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000000) 13241300x8000000000000000136682Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.670{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000000) 12241200x8000000000000000136681Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-DeleteValue2021-10-06 08:38:32.670{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\0 13241300x8000000000000000136680Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.608{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\NextInstanceDWORD (0x00000001) 13241300x8000000000000000136679Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.608{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\CountDWORD (0x00000001) 12241200x8000000000000000136678Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-DeleteValue2021-10-06 08:38:32.608{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\mouclass\Enum\1 13241300x8000000000000000136677Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.608{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\NextInstanceDWORD (0x00000001) 13241300x8000000000000000136676Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:38:32.608{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\CountDWORD (0x00000001) 12241200x8000000000000000136675Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-DeleteValue2021-10-06 08:38:32.608{6EDEAD03-5024-615D-0100-00000000FC01}4SystemHKLM\System\CurrentControlSet\Services\terminpt\Enum\1 10341000x8000000000000000136674Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136673Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}8285612C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AB02-00000000FC01}5796C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136672Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136671Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136670Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+f290|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136669Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+5b40|c:\windows\system32\lsm.dll+2f9b|c:\windows\system32\lsm.dll+5727|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136668Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+796b|c:\windows\system32\lsm.dll+2f4d|c:\windows\system32\lsm.dll+5727|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136667Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+5b40|c:\windows\system32\lsm.dll+5f9d|c:\windows\system32\lsm.dll+5718|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136666Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+56c4|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136665Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.545{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136664Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136663Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136662Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136661Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136660Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136659Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136658Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136657Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d7e|C:\Windows\system32\lsasrv.dll+1d1c8|C:\Windows\system32\lsasrv.dll+1c3f1|C:\Windows\system32\lsasrv.dll+1ac10|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136656Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.530{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d7e|C:\Windows\system32\lsasrv.dll+195f6|C:\Windows\system32\lsasrv.dll+1ab9f|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136655Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+7f5d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136654Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.514{6EDEAD03-503F-615D-0B00-00000000FC01}624788C:\Windows\system32\lsass.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136653Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.514{6EDEAD03-503F-615D-0B00-00000000FC01}624788C:\Windows\system32\lsass.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136652Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136651Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.514{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136650Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.514{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136649Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.514{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000136648Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.436{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D7E5748AEB455F46F37945C73EEDB9E,SHA256=FE7F87551404699A372A86111AB5273109DE837D1B8CA2CDEFFA4F25D410CB6E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136647Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.248{6EDEAD03-6088-615D-AC02-00000000FC01}41002268C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136646Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136645Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136644Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.202{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136643Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136642Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136641Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|c:\windows\system32\lsm.dll+23c29|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136640Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}8285904C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136639Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+23c18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136638Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|c:\windows\system32\lsm.dll+1fc37|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136637Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1fb39|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136636Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136635Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136634Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.170{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+773d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136633Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.155{6EDEAD03-5041-615D-0F00-00000000FC01}104844C:\Windows\System32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\termsrv.dll+a1087|c:\windows\system32\termsrv.dll+6aa58|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136632Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.155{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136631Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.155{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136630Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.155{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136629Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.155{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000136628Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.077{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB69AD97400971BA2B97282DDA231FE0,SHA256=C12DEB805173366217F7C39E877B1344395CE228649617D9212A6234A7CF33AE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6088-615D-AC02-00000000FC01}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-6088-615D-AC02-00000000FC01}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.045{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6088-615D-AC02-00000000FC01}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.047{6EDEAD03-6088-615D-AC02-00000000FC01}4100C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BF90AE1F80E826F5DE8A3A7F4762CF7F,SHA256=D72BFC04B45665F8B3ED185EBCBC469EB95B9094547DE0F6218D112C63DED443,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=79634086EDD8A7013FB702824D49FE6B,SHA256=73ECD83F190E8A8B2FAE586CC4A372B8C2539D097ABA927EAEE8F3D80BFB8F82,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-503F-615D-0B00-00000000FC01}624788C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-503F-615D-0B00-00000000FC01}624788C:\Windows\system32\lsass.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-5041-615D-0F00-00000000FC01}1045684C:\Windows\System32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\termsrv.dll+a1087|c:\windows\system32\termsrv.dll+6aa58|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136607Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136606Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.030{6EDEAD03-5041-615D-0C00-00000000FC01}828964C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-AA02-00000000FC01}5276C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119837Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:33.645{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C451FAA92C08930F14E1574DAE8D7CF0,SHA256=588B4F2104831416C10A0E19BA262F542B7D7EBD82BD8F48FE174021381D7703,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136983Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.530{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89E6411FDEC0F9B1FDFFFF73A31CA9F2,SHA256=1B23145CCB9DD900AF12EF28411CD8462B9DFF1B695B80400ED143A74415E1EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136982Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.233{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6089-615D-B202-00000000FC01}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136981Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.233{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136980Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.233{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136979Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.233{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136978Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.233{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136977Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.233{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6089-615D-B202-00000000FC01}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136976Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.233{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6089-615D-B202-00000000FC01}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136975Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.234{6EDEAD03-6089-615D-B202-00000000FC01}4980C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136974Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.217{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=B57C312F75F14FE213A69C0A0FBC7EBC,SHA256=6D25F6D65663595515597CE6A62C4660F0A4731A42FA7B09B58212031BF7878A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136973Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.217{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=4B2FCEA284C66913A1A3DC98B1FFDF9C,SHA256=58C0E298231CB9C529F4D70CCCF86694B9A5341126EB142D46A9A18B6FFC5D73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136972Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.170{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CE7917A7DD56769E7A3B667D0F09B78,SHA256=3A9FC61C5F7710DE68E58B998491EBFCCD1F6F8C63FD2E4D9F48C212A5F8D3D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136971Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.123{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=050F68399E03377D42B006A118D90454,SHA256=05398BC39ADDEC1BDDB364F08B7A537B552DE4CC0AA0C2DFB64720D80B37BFB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000136970Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.123{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BF90AE1F80E826F5DE8A3A7F4762CF7F,SHA256=D72BFC04B45665F8B3ED185EBCBC469EB95B9094547DE0F6218D112C63DED443,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136969Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-6089-615D-B102-00000000FC01}1008C:\Windows\system32\DllHost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136968Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\system32\TSTheme.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136967Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136966Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136965Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136964Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0601-00000000FC01}4324C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136963Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136962Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-538F-615D-0001-00000000FC01}1124C:\Windows\system32\dwm.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136961Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-538E-615D-FE00-00000000FC01}2316C:\Windows\system32\winlogon.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136960Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-50C8-615D-8500-00000000FC01}3384C:\Windows\System32\msdtc.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136959Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5061-615D-7700-00000000FC01}3748C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136958Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136957Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5051-615D-4500-00000000FC01}3680C:\Windows\system32\conhost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136956Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5051-615D-4400-00000000FC01}3668C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136955Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-6089-615D-B102-00000000FC01}1008C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136954Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5050-615D-3700-00000000FC01}3376C:\Windows\system32\conhost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136953Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504F-615D-3300-00000000FC01}3112C:\Windows\System32\vds.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136952Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504F-615D-3100-00000000FC01}2264C:\Windows\system32\wbem\unsecapp.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136951Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136950Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\system32\dns.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136949Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2E00-00000000FC01}2372C:\Windows\system32\dfssvc.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136948Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136947Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136946Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136945Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2A00-00000000FC01}2944C:\Windows\System32\ismserv.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136944Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2800-00000000FC01}2924C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136943Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136942Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2600-00000000FC01}2796C:\Windows\System32\spoolsv.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136941Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504B-615D-2300-00000000FC01}2628C:\Windows\System32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136940Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5046-615D-2200-00000000FC01}2552C:\Windows\system32\conhost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136939Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5046-615D-2100-00000000FC01}2544C:\Users\Public\splunkd.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136938Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5042-615D-1F00-00000000FC01}2156C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136937Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1700-00000000FC01}1448C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136936Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136935Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1500-00000000FC01}1236C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136934Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1400-00000000FC01}984C:\Windows\system32\dwm.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136933Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136932Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136931Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1100-00000000FC01}380C:\Windows\System32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136930Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1000-00000000FC01}376C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136929Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136928Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0E00-00000000FC01}988C:\Windows\system32\LogonUI.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136927Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0D00-00000000FC01}884C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136926Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136925Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-503F-615D-0900-00000000FC01}572C:\Windows\system32\winlogon.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+2210c|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136924Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-6089-615D-B102-00000000FC01}1008C:\Windows\system32\DllHost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136923Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-6088-615D-AD02-00000000FC01}5656C:\Windows\system32\TSTheme.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136922Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136921Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136920Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136919Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0601-00000000FC01}4324C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136918Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136917Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-538F-615D-0001-00000000FC01}1124C:\Windows\system32\dwm.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136916Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-538E-615D-FE00-00000000FC01}2316C:\Windows\system32\winlogon.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136915Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-50C8-615D-8500-00000000FC01}3384C:\Windows\System32\msdtc.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136914Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5061-615D-7700-00000000FC01}3748C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136913Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136912Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5051-615D-4500-00000000FC01}3680C:\Windows\system32\conhost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136911Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5051-615D-4400-00000000FC01}3668C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136910Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5050-615D-3700-00000000FC01}3376C:\Windows\system32\conhost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136909Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504F-615D-3300-00000000FC01}3112C:\Windows\System32\vds.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136908Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504F-615D-3100-00000000FC01}2264C:\Windows\system32\wbem\unsecapp.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136907Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136906Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\system32\dns.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136905Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2E00-00000000FC01}2372C:\Windows\system32\dfssvc.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136904Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136903Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136902Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136901Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2A00-00000000FC01}2944C:\Windows\System32\ismserv.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136900Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2800-00000000FC01}2924C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136899Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136898Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2600-00000000FC01}2796C:\Windows\System32\spoolsv.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136897Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504B-615D-2300-00000000FC01}2628C:\Windows\System32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136896Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5046-615D-2200-00000000FC01}2552C:\Windows\system32\conhost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136895Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5046-615D-2100-00000000FC01}2544C:\Users\Public\splunkd.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136894Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5042-615D-1F00-00000000FC01}2156C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136893Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1700-00000000FC01}1448C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136892Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136891Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.108{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1500-00000000FC01}1236C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136890Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1400-00000000FC01}984C:\Windows\system32\dwm.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136889Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136888Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136887Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1100-00000000FC01}380C:\Windows\System32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136886Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1000-00000000FC01}376C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136885Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136884Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0E00-00000000FC01}988C:\Windows\system32\LogonUI.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136883Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0D00-00000000FC01}884C:\Windows\system32\svchost.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136882Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136881Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-503F-615D-0900-00000000FC01}572C:\Windows\system32\winlogon.exe0x101001C:\Windows\SYSTEM32\ntdll.dll+a79c4|c:\windows\system32\lsm.dll+221bf|c:\windows\system32\lsm.dll+220f4|c:\windows\system32\lsm.dll+a754|c:\windows\system32\lsm.dll+227dd|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136880Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6089-615D-B102-00000000FC01}1008C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136879Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-6089-615D-B102-00000000FC01}1008C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+366e9|c:\windows\system32\rpcss.dll+3bed2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136878Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-1600-00000000FC01}1292756C:\Windows\system32\svchost.exe{6EDEAD03-6087-615D-A802-00000000FC01}2680C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+4689|c:\windows\system32\themeservice.dll+3fdd|c:\windows\system32\themeservice.dll+2870|c:\windows\system32\themeservice.dll+26d8|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136877Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-538F-615D-0001-00000000FC01}1124C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136876Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.092{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-538F-615D-0001-00000000FC01}1124C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136875Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.077{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2600-00000000FC01}2796C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6668|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136874Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.077{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136873Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.077{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136872Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.077{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136871Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.077{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136870Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.077{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|c:\windows\system32\lsm.dll+8a76|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136869Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.077{6EDEAD03-5041-615D-0C00-00000000FC01}8282708C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8a38|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136868Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.045{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136867Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.030{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136866Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.030{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136865Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.014{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136864Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:33.014{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000136863Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:33.014{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136862Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1700-00000000FC01}1448C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+6a63|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136861Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136860Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136859Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+6260e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000136858Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\lsm.dll+625bd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+1279|C:\Windows\System32\combase.dll+3b27c|C:\Windows\System32\combase.dll+3af32|C:\Windows\System32\combase.dll+39848|C:\Windows\System32\combase.dll+375ad|C:\Windows\System32\combase.dll+36c7f|C:\Windows\System32\combase.dll+524b9|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000136857Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0F00-00000000FC01}104\TSVCPIPE-e0ed9e8d-4ca2-4713-968a-974431930a1dC:\Windows\System32\svchost.exe 10341000x8000000000000000136856Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+157b1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136855Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+1f3a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136854Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5041-615D-0C00-00000000FC01}8285496C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1439d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000136853Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.998{6EDEAD03-5391-615D-0E01-00000000FC01}4800ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1280_1024_POS4.jpgMD5=F6E469F8D6D5E6E8737F10BB278D83E5,SHA256=7749E98AA4232E8D94207832919AE91F8506774D9DD1FAD6B735A3D450608A2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119839Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:34.661{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=261F7D13240A74887D3BF452D026A314,SHA256=89FD74542527A61A1EC24C48FF9EA7F3B1F0F0302DEB9A94188DD17807E36686,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119838Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:32.780{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50539-false10.0.1.12-8000- 354300x8000000000000000136996Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.750{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64549-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000136995Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:32.750{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64549-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x8000000000000000136994Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.702{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E055EA93EC239B72C1066FFC1D7DCE24,SHA256=D5C453BA7D476B6A5D6B162BA96AB197AA3651E2686C2B965D73974CF22271C7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000136993Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.655{6EDEAD03-608A-615D-B302-00000000FC01}49565128C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136992Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.467{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-608A-615D-B302-00000000FC01}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136991Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.467{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136990Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.467{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136989Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.467{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136988Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.467{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136987Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.467{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-608A-615D-B302-00000000FC01}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136986Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.467{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-608A-615D-B302-00000000FC01}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136985Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.468{6EDEAD03-608A-615D-B302-00000000FC01}4956C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000136984Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.155{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=606232E0A1F1980DED116F5A2FFB2222,SHA256=7F98FCFE4D938F08E1F20CEB67B168FF949162641CDB0DCA8041E702E1EBFD7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119840Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:35.676{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DD260E4A65C37E0374E83F1C47AEF39,SHA256=0139767A260973ADA3053D9D7CC4F6EB2F912B6BC544A5E03808F7628EA454E3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137016Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.936{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-608B-615D-B502-00000000FC01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137015Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137014Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137013Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137012Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.936{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137011Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.936{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-608B-615D-B502-00000000FC01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137010Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.936{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-608B-615D-B502-00000000FC01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137009Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.812{6EDEAD03-608B-615D-B502-00000000FC01}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137008Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.733{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81D1B966CFE48AE19E9A46B6AB125691,SHA256=224ECD139CB26D4AED59DFDCAB0701F5C958284255DEE7B10CF62409B1E025F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137007Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.545{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E1745B7C58FDC924F13592CDD5B5E0E4,SHA256=CED892A63F206AE50C86390596961D13EE31DD1D14CF7D5F7292D8C5FD1D9536,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137006Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.374{6EDEAD03-608B-615D-B402-00000000FC01}12801744C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137005Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.264{6EDEAD03-5391-615D-0801-00000000FC01}43684476C:\Windows\system32\taskhostw.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137004Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.139{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-608B-615D-B402-00000000FC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137003Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137002Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137001Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137000Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.139{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000136999Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.139{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-608B-615D-B402-00000000FC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000136998Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.139{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-608B-615D-B402-00000000FC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000136997Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:35.140{6EDEAD03-608B-615D-B402-00000000FC01}1280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137019Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:36.983{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7100852B7010B5FAF67ED1C54267214C,SHA256=AF9D1E2A5F710634F492005BB2CFDF743D679A5BEF4793C4DC9A97C1D9D61EC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137018Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:36.952{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BC16C941C346B9F073F9B5510F9D35E,SHA256=3B6AD66E544F5963266650A2E82020E5A30FEEE6789E06C8511AA8BB8E0F64F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119841Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:36.692{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D4AB194F9CF2EA49316D40AE6058207,SHA256=FEC87573C96C08F27B29DA0F679B5F4EDCF2ABFBA1805341FF8459C83DD4F80A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137017Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:36.092{6EDEAD03-608B-615D-B502-00000000FC01}55161160C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119842Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:37.707{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=702A0925E9527D1AEB649B9E6D7B6AF6,SHA256=2683BF82A582622F9A32E06FDE3F5D0ACC4831F1F88AFADCF2CC91B0ECB9A821,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137029Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.952{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88047028CE9E752A49C354438064BCA6,SHA256=C43FE2281144AFF68AD9698E6822186F8B67426824277FBE6E3756A83AF7EC3B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137028Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.873{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-608D-615D-B602-00000000FC01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137027Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.873{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137026Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.873{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137025Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.873{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137024Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.873{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137023Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.873{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-608D-615D-B602-00000000FC01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137022Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.873{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-608D-615D-B602-00000000FC01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137021Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:37.733{6EDEAD03-608D-615D-B602-00000000FC01}3184C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000137020Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:34.531{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64550-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000119843Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:38.723{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB687EB12BFB0246004C3287387A2DD1,SHA256=D81113304D5DE344F440028D1B49261FE20EA18AB4204952F817C33F32ABE120,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137031Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:38.967{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A344F5A228E810C1F40C29B8C58F149A,SHA256=110482999E7DB1A0FEC9591DC1D6EF3491E662256EFE39DCCBA32613FC00351C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137030Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:38.795{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B8FC110B9AD2C1D93EB5E6F34C8D3773,SHA256=B580234A4802BD1456B754F72979F103B6B65F4C8D4FA00C32EC12E1944DCB85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119844Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:39.723{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D45E9A8EB6368878E95D02D3FCB4343,SHA256=82C54E0ABE405299170583DC1871EE9DD2235C8F01D31E9507A1109C3FF8B689,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137032Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:39.983{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFBA766E6E6242A99BB89494D9E05280,SHA256=67A2DB9C8186DB6A3C96A98EDFAF16BB611748548D4001B3AFD0735F5B4F5161,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119845Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:40.738{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=05EACB3BE58E90C42B6CBE53A6C1F4C1,SHA256=B8AFCF4F63774039959E428100880A5354F2F7751ED254AA326F3A90A4BF2597,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119847Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:38.592{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50540-false10.0.1.12-8000- 23542300x8000000000000000119846Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:41.738{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD516B3FB6A9DC3CEDEE0C12543D0CEC,SHA256=F1C1548382FF4C220F7CBD1C0541E5AB753B65EB751016E541BE8E2C6B0B7C30,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137043Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.420{6EDEAD03-5041-615D-1600-00000000FC01}1292756C:\Windows\system32\svchost.exe{6EDEAD03-6091-615D-B702-00000000FC01}5688C:\Windows\System32\rundll32.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137042Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.420{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-6091-615D-B702-00000000FC01}5688C:\Windows\System32\rundll32.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137041Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.389{6EDEAD03-538E-615D-FD00-00000000FC01}1001332C:\Windows\system32\csrss.exe{6EDEAD03-6091-615D-B702-00000000FC01}5688C:\Windows\System32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137040Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.389{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137039Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.389{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137038Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.389{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137037Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.389{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137036Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.389{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6091-615D-B702-00000000FC01}5688C:\Windows\System32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137035Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.389{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-6091-615D-B702-00000000FC01}5688C:\Windows\System32\rundll32.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+37172|c:\windows\system32\rpcss.dll+3df8d|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137034Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.394{6EDEAD03-6091-615D-B702-00000000FC01}5688C:\Windows\System32\rundll32.exe10.0.14393.4169 (rs1_release.210107-1130)Windows host process (Rundll32)Microsoft® Windows® Operating SystemMicrosoft CorporationRUNDLL32.EXEC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372HighMD5=23DB802097F7B7E520E40068A7E68B14,SHA256=28DE7D3E8BF4B19E44063A4BFC2E7C30AE488CD9A1F63320ED374E14AAECA667,IMPHASH=7D1CE1BAFE48B63D9D19E8E0E5DF3E6C{6EDEAD03-5041-615D-0C00-00000000FC01}828C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 23542300x8000000000000000137033Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:40.998{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=530B1B8343AF0B60549BAC4A3264BA15,SHA256=33E9C5995CDE713061DC875C227072FCCA82AA9A91BED601388FBCDA32FC35D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119848Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:42.754{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CA047AC75FFC1D18C2D5C8988F605FF,SHA256=07B25651D1795F7960D1C590AA4DD02560703233619EEE521B5E46F05EE045A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137045Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:42.623{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C2BFC531044C3249505D362780341D7E,SHA256=2DD22C9483A410A61750529AEC18231B0F3CC8BEBDE2C9676E12973249D26C36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137044Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:41.998{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1DAB1C091B988BF1B9D94E096C734608,SHA256=C6905DB34B9512A0E29F0FB8ED443A23CF0451FB4C0CEFA32AA3CD667218D43E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119849Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:43.770{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F75A3A2D3D6564891809B1FDD7D5AA9,SHA256=A66FBC5B861A07D0894D226E3582C250C41DA99C9B4D4AE5FFAA46EFAC5B25BF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137047Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:40.577{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64551-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137046Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:43.014{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEE70CFFDF69A598C822682CD40E75C3,SHA256=8D841BD67A00B18EB14B645400045394B97A89A4DD77AB6ABF82B00EC3F6B23C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119851Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:44.785{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0ACB6BCADA305FD0B7DA64FE5F8772C,SHA256=21871C3146253B4157EFB1DC4E60E17FD5C1B8C4A685F2FCFE90B519355520C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119850Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:44.238{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137048Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:44.014{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46E1CAFD67A48E56ABA6FBB6197A8350,SHA256=601F5E3DB357386C8A5B5A56B5FA265440B81E7C9C3ECE7AA03B42D207FDFD06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119852Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:45.785{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BCE691F709BF7347DD3483C57D356C2,SHA256=4811DB8DC0970A9D73908F78AA3B85F7E1D96F86AEECFC1933C82C4A100726DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137049Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:45.030{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED6FD5BA86E01893FDA9596DA3AB3572,SHA256=38975A4EC149B2C50BA3C4DDEADDA821922DC53E2A4E515C1528606D0017EBB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119854Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:46.801{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FFBEF546F3DE62AA3A5329CE2C8DBEA,SHA256=FDFA4B27307878C44ADF6F8FA514879F3E5D8D32DB0DA6B9954F25AD5A0EB0C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137050Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:46.045{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB39C1BDEDC6BDABFDABF1BA6CF86B06,SHA256=29A12C233F2BB4A2530844F42AAF21CD7C48866A96A905CFF1CE3C5CD48863F7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119853Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:43.748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50541-false10.0.1.12-8089- 354300x8000000000000000119855Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:44.592{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50542-false10.0.1.12-8000- 23542300x8000000000000000137051Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:47.108{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E2E42451644A8E1524DEDF61D03BE0C,SHA256=660E00EAEE0A6DD50E7296A74FDC6FA0DCC583D3FC0A14D3B0027B99F27EA81B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119856Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:48.035{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9035C6C8773700642E6594CDC583C912,SHA256=AAD7BC1DDDC38E8B6D63BB6B3C59501BE6E46AE73B8F44E039A4AFCB858F4ACC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137052Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:48.123{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=587DFD39ECD8737EBC7B0CF5E102BFED,SHA256=AA5912AF4F5A64D72CA740EEF1CAA1C04922D1CEBDA2EF4D55EDADEE7625651D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119857Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:49.129{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13BC8B808A3899A01D0FC7ABDAFC0BF4,SHA256=FC85A34D02EFC0E90F23C1A2CB9AE05A5A228FB6C62C736DAFDD240ED43AC19F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137054Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:46.359{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64552-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137053Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:49.139{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F81F56BCA4F99B7F2E30419DE9627818,SHA256=3020BB4A024E0ADE730070AC330132F028E17BFC9927ED876E6E99E20CECFB7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119858Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:50.227{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B952DC16D1E58C22BC77B74C16517751,SHA256=A39AAF3F8E3DD51D7ED876DD59A225CD6D4CDF33DE41A0C5AC5DC670CE496E0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137055Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:50.186{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30D587406AA401291416F436DAFAB279,SHA256=FF25E4E19512EB2551E8266E04BB804FAD8D0F68F6A05BCAF955BDDBDC6978AB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119860Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:49.643{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50543-false10.0.1.12-8000- 23542300x8000000000000000119859Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:51.258{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59E5FC2D46998314ACF05A2E65B5283D,SHA256=B435CEA8AFF17D59444AB473EB5A7A52F0F64360637AF4138624FF9201A6FC80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137056Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:51.221{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83A15614971A883C5A4F1B96EBBB2F5C,SHA256=9287EFD05AE8108D73FACEE28B35AE950A893BC90EA6FBDD8846620C1B9303E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119861Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:52.477{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F2DC3C847FAE828EF89AD3E04BB8EFA,SHA256=60668267FA2920305484F4CAA3E3B33E76069F163FAB6F07F0F1BAB19B683834,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137057Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:52.236{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DDFE638FD15FD4B94016D465711BC21,SHA256=E3B47C9AD0A15BA596A3489AFEF25A82FF2751788AEA4D8BF66CB3B9A80EA305,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119863Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:53.918{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-067MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119862Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:53.619{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C181378170606B08380C935E4CBD0D5,SHA256=6B70D764A86422A0A3390EDCB23FE4D8AF49679B4413F6D2DDDB0F0A13DC46AC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137059Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:51.394{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64553-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137058Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:53.252{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA53038C8518EE46E65C1286FEE50EB2,SHA256=EA8713E691198E591EC5B0EDA991F98FD5E4952237CF23212FE76182B94FB0B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119865Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:54.931{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-068MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119864Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:54.650{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=699DEE953FEC85464A7DF089F54DF2A7,SHA256=953254827275497B2719187A1012DA2542E2A93B1F75C58FF6E00A95B5422A9E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137060Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:54.252{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5083B863DDB51763A8FB934656F81B70,SHA256=0CAD82C66D792EBCA5972CE8CA180533BD76DA61BAB2BEAC7EF5C0498777A8BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119866Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:55.697{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8590319FC014CFE7CA838C1E3F95DBB4,SHA256=3EB764AA6718E175330459DC4C92FC5C0C78B7738E2ABD481FADFE775DA0E984,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137061Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:55.283{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7851DC738ECC208735AB66360BBD3EB,SHA256=61AF510E9790152FD1A67515729292F17244F746E8B9434A7E2D20851312ED5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119867Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:56.775{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E999537F484215A585DF8481CAD0F3C,SHA256=C286F8EFE77AD3238A1F076C5ECFC44D85EEEBD36E741589775A6A2C43832239,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137062Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:56.299{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFD37C0B7194C82F3AF7C5C602DA57A0,SHA256=FB8E3445FB9DD96E2B172349D6E46881E7A95A9D3458B830934A438D77347C29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119869Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:57.916{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF9EDE41D7BB89ADE7C3C0DEBE772F16,SHA256=5511DAA97DCAC004694A607D08F5580496127D2C6572C4C74692F297C1BB9D5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137063Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:57.314{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C53C0D44F1DC4694A86ED86AF22F815,SHA256=02E07C7451FEF68DB3284E21DE1F8B898832949CD562FB9CCB04FE4CB9A4649E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119868Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:54.767{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50544-false10.0.1.12-8000- 23542300x8000000000000000119870Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:58.931{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA1E81CC4D1D71A8E2B12ACBC2F68953,SHA256=99595F458E3D05D90D9C0D68F95ECC194346133A971EE58F6834BAEC266D830A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137065Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:56.565{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64554-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137064Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:58.361{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E18ECB163E5A71AC960F01D848657532,SHA256=E50967161013C92645D06F0DFC65FED4B3E3F58F207B66643ABF603DCB046BBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119871Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:38:59.947{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E41A8598071D01FCDFB9BC6010DBDCF1,SHA256=7B09A5BDD46C56C3813856CC107742FA5AFC0DD23A00C6F462E74ECF9BA189C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137066Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:38:59.361{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ACEE6BBCA6513EB94A39A6EB037EBCB8,SHA256=4BCAF5CEDB1B27292B2A9DC7497629B8D3F7199CE52DF13596C5F546D01B79FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119872Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:00.963{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7D83AA00F3B5CBA39DCDAAF3D7E74BA,SHA256=4A8CB3DBCCE00B40CDC568BC0A21C09B755B93ECB93BDC8A13F0E4FB920DF59C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137067Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:00.377{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F0E0A8140DC1C4A2871F54C314338F46,SHA256=7C0AD3524B1A8276DEB695D99DB472E5946B1532308EA9FCEA268EEC0729AC12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119873Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:01.978{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B599834968E53CCD33EE69661F30CB1A,SHA256=5F9DDB21B07B8407CCD26839BD59D11B9ABBCD19B5563AE7FB389329077B9E39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137068Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:01.393{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2705937D5447074FE561D74D0018705,SHA256=45247FEA559DC4E5D863AE5F94F41509176A6615003ECAA2D9020EB8674A7BF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119874Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:02.994{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=666EF9C3C9145A57AAD5B50129051827,SHA256=7D5BE4611ED5CC8E41D7E2BB6D45209CCD540EFA79E9CC15B19DED8D1428BA6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137069Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:02.408{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7FA0C4A67172C487D9BFCF03E1F09E64,SHA256=823C0C6F107D42FB4099C02AA51FB335C32DC6DDF2874E2A2F3AFA24801A6692,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137070Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:03.424{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B507D047CE713CD67BF8530FC6F3804D,SHA256=A428157680635C55E21C08159880BD06E3EEE4757DFA7559FC6D77BF0EBE80CB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119875Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:00.613{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50545-false10.0.1.12-8000- 354300x8000000000000000137074Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:02.534{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64555-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000137073Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:04.911{6EDEAD03-503F-615D-0B00-00000000FC01}624672C:\Windows\system32\lsass.exe{6EDEAD03-5024-615D-0100-00000000FC01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30929|C:\Windows\system32\lsasrv.dll+2e287|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x8000000000000000137072Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:04.663{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-067MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137071Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:04.442{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8323C9D36AD17AEA8DA58AA8D7474788,SHA256=7A56FA217C0F83121F90A0F4BF5155AD15274DD6CC87E181BC816CE6B2FA6ED9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119876Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:04.009{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDDD09F48A104971EB80B306F149C529,SHA256=EB48B7E561E7EB85683AC020480A39808270CD3D4D0A3470281E1C5D42170309,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137078Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:05.941{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F82CEDFA5509FA90F03BCC17F3579708,SHA256=D57F6373A8ED80E71469643F2ACB15AFCF6B855041ACEDCC5865F203F626AA80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137077Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:05.941{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A5C1A34924F1A345C9BDC96C6A95986E,SHA256=3A38A2425338280FB4905FC76DA8AD39A4A1D98ACBFB2C1651565247BF8857C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137076Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:05.662{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-068MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137075Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:05.489{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=070A188C6DFF94621447AA60A12330C7,SHA256=80635480E5E01EA892BD764A663C87EA8D3E323C77593D956B44C6C18D39EEC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119877Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:05.025{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=857C7B3EFC4F346002F0D99A873E90FA,SHA256=B1CFEBA05764781750EB9BFFD3BA2584CFDA3D2443E8A383EB24B08900A13144,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137083Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:04.241{6EDEAD03-5024-615D-0100-00000000FC01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64556-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x8000000000000000137082Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:04.241{6EDEAD03-5024-615D-0100-00000000FC01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64556-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 10341000x8000000000000000137081Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:06.616{6EDEAD03-5041-615D-1600-00000000FC01}12924928C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137080Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:06.616{6EDEAD03-5041-615D-1600-00000000FC01}12924928C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137079Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:06.506{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52605BD69D6F4C050D91DDC36A8DCF89,SHA256=20ECF369DD6E6B15E65B1F24EB11049573D61B513EB4F0DDF5F39680DD211512,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119878Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:06.040{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C51006271E3626B0372333599993F31D,SHA256=167FD21BBD1C29CE92068267CD9876C4F6D4CDEC267CE2370D78392384099431,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137085Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:07.538{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F44BE187BB9C185D40EE6B4802D5B910,SHA256=7E2E3CD0ED9CC307863F4C4D8BDD3A1B7488AB5C97C9A7E17806D3D8AB974086,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119880Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:05.675{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50546-false10.0.1.12-8000- 23542300x8000000000000000119879Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:07.056{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68003013A5C0A477EB2FA4684172B61C,SHA256=5FACF78C49C6CB07C5C010F320F679AEA4D46242400A305206CFAE4CED0526FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137084Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:07.022{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=BDF285CF55DDAF315E8B8BDC2A19442B,SHA256=1299734FD0B33D2DDE9183C3E28A7E7D3319A6E554006421A0CE6DDB01EF59C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137086Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:08.553{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A35740ABD118A36054E4657132279AEB,SHA256=0533EF7EE370F3E422C16F931E883E0D6B897D80A37BFB1F6C2A0A5B746B2B65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119882Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:08.743{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=6093D5548214F8283C6EF21C120F61AD,SHA256=571D011AD5E6ABA4D015962CD4078A151129B624159DD4383D76C69D5CFFD7B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119881Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:08.072{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01B7A9ECCBFBD667F7181E893EFF1AF0,SHA256=03ECCD249F185BA8D91C47891BD33209D2498C68E77AA90410A13F46C898C6D0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137111Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137110Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137109Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137108Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137107Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137106Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137105Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137104Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137103Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137102Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137101Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137100Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137099Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137098Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137097Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137096Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137095Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137094Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137093Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137092Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137091Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137090Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137089Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137088Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.647{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137087Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:09.569{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=170B09B2B05D70DD4A9DDC8E0887C5EC,SHA256=62745F64E8CFE70CBA9BB3E01A66BBB41F6ADBBFC51E7B88D23126CB4564CA08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119883Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:09.087{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4637125C373911F6A943226593E2BE8A,SHA256=F389012B8E578B5ED62543CFABA056B6D464D82BAFF64F8402FBEAEFF6EABF88,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:08.507{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64557-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:10.600{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46D7651C9376944763FE98C22507E14E,SHA256=BCC385869AD81BAEC1CB531F5A1DA932E794E936526C66A652510BE9C9A9E181,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119884Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:10.105{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDF81B2A9A9D59C8446370EECAC255EA,SHA256=5C19DFAB15602A8F314CC73133FDE1AFDD542CB1A17214F87095377A46E8EFD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:11.631{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A8969D7F7EB455D4C9C524B55E6A1BB,SHA256=D5871D9E5F54AED5DCF1FFEAA1056A999781D32307E6D582C6BF5466DC1D18B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119885Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:11.106{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CB1A110773D1EF398E9113B98E151DD,SHA256=EF26C5C2F60616F4B0172A13D9CDF9A27DF7886A4DD49A2C514B4E1B51D51F36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:12.646{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=624330685279C2AC17C5C34E46A151A6,SHA256=63F7CF442A7976FF52C5CEB2ED4F12B940BD02FC26E6FADAF02B649D445367D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119886Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:12.107{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03432EB4A550C027AA5ED3469F4B8E81,SHA256=108D5B3B16439C15B3242DEB19E2A72752FD9D60DA8AC6F85D94B542E2F12D0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:13.647{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1AD0380D3BD71E798489148CB8F87754,SHA256=CB8B91FF0F3520B1C6D49EE09BA8C768D76B8ABF6097208D2D3BE7D441E0AE4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119887Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:13.123{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=400800A8EDE1C976B60C8388D0595B37,SHA256=C846AE114FC51F9BCBBF244AC434721939FD1879A01D0C577C3F8B8CF0D3E395,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:14.662{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF9BC9976D3467651BFE22C5C725B1C4,SHA256=E8D0A582F13CAD94E6D786FEAFD3C0EA9ABB0D2A44236F164847DB3613DB016D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119889Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:10.740{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50547-false10.0.1.12-8000- 23542300x8000000000000000119888Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:14.138{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89B8D3C283F57A8CDFFE89785AB6A82A,SHA256=A4C8955F7C3F8C26C9EAC8238C41B587F7E14966EE8C356CC23CDA8A1FB48CEF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:15.693{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1F344A5F9244BCD72A665297A45545B,SHA256=B921594E9E9333E05DEA3C0CFEC6DFF0BC3A135362F5D9DE49286EADD079F83C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119890Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:15.154{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39CACC34149B38E73C63AFDC3E5D4519,SHA256=A06C7CEED76875DD141DDEE1431225FE2BF2E7DBEBAB16419650A45F6CB1A13F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:16.709{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E222CDBECBE5851EC3D6AAADEACB73A8,SHA256=0D29B3C9B985353D6D902A0F7AD4EE4AC415D5C4C057942F4DC61DD44680FE53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119891Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:16.169{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=693D987A087E842670A9330B7F255236,SHA256=59DB8F8B1183CD1F84B310526C10B4AF72009D3801513E707B1D0D36E13A59BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:16.678{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=670DA25B8FC97A15E362572FFFAF8D39,SHA256=3E680F634D2788060F903797A8035AD37DF09B10935B86C881270E62DEB6E2C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:16.678{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F82CEDFA5509FA90F03BCC17F3579708,SHA256=D57F6373A8ED80E71469643F2ACB15AFCF6B855041ACEDCC5865F203F626AA80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:17.725{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2478178380155B4D5F1AAD460D15D72,SHA256=199C3B10EDE24A8FA8C124DA560073376ECAF080007BAF2DF943639834757A1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119892Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:17.185{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DAF6B33F1B80ADD0696285BDE5D2C738,SHA256=AF88ACEFE3ACEFC24BD45FA5033341576339E219325F40C0DE905DA8C3376D4A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:14.413{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64558-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:18.896{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:18.725{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9BBC0876462BDE95EB1B64A241DD53E,SHA256=7E59C40566931E6F9F367D5C6004A0A08EF02FEBEC39104CAC34727934CC0D48,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000119894Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:16.617{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50548-false10.0.1.12-8000- 23542300x8000000000000000119893Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:18.200{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=194578D642C59F9CC8E4B4705913D80C,SHA256=3665D6B4EC17928EC04E5D3D57FB00D4DC7F05738DA7E66AE84A90F20173E53C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:19.756{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A55EA0D99AFCFA5709D61D3A65AEA6B,SHA256=D2A02F039A8359A21C01CAB7A02F9C9F07C872539DE9A1BC6A20C4ED22737885,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119895Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:19.216{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=565BFB1504D347E26CB130971BC7D1CB,SHA256=83968781C61F39BCF4654C49BE22571AC31AC9772A8BD0AA655ECC2425117B83,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:18.194{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64559-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000137129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:20.787{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66185783CACD38DADFE4F0C6CB20C350,SHA256=982A6283D1A2B3E91692CAD9AEC6C83DB93BC69F961306DB911FB44204C6A6FF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119923Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60B8-615D-8102-00000000FD01}2452C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119922Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119921Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119920Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119919Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119918Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119917Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119916Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119915Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119914Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119913Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-60B8-615D-8102-00000000FD01}2452C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119912Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.966{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60B8-615D-8102-00000000FD01}2452C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119911Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.967{49C67628-60B8-615D-8102-00000000FD01}2452C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000119910Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.450{49C67628-60B8-615D-8002-00000000FD01}128432C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119909Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60B8-615D-8002-00000000FD01}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119908Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119907Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119906Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119905Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119904Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119903Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119902Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119901Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119900Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119899Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-60B8-615D-8002-00000000FD01}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119898Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.294{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60B8-615D-8002-00000000FD01}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119897Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.295{49C67628-60B8-615D-8002-00000000FD01}1284C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119896Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:20.232{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCCBBCD2E7AA71E140546DFE1044C818,SHA256=03E7ED2D43B8D70887829A9D6B804584CDDEB5E1F80C1F134A6D978BF70A0752,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:21.850{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=128AD06B3FB1840ADC41B5209DDB3DDA,SHA256=838E7B684409927446659F42EAEAD207E4344F49D6762CA14E16385D2FE16DED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119926Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:21.497{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=61369682CF017E80E67B474D85FA336C,SHA256=65383E3919C4A2D7D49F028C478502C23EDDFC40262208D70B21C804C4EEED42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119925Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:21.497{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B160C93DA88610EB87825D952C8B3AB3,SHA256=FAA4F10A33F7609F612C476BE326116D69A9FF67E5E641987163B92B718B5314,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119924Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:21.497{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4E5408A27F3BC375AC9FCBA945239E7C,SHA256=10B34F2A65270329AD7A6B19BBF739B3889934EE9A783E03CC07BE72B435BE94,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:19.554{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64560-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:22.851{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6943CE553B949E2DE1C200AC4FD153BE,SHA256=24AB821C7CA1ADD8FEAFE46F70890078317201CCDEE2EE1F87CABF226F96CEAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119940Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.528{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=42B8C435A353B4209AD3573EBAD2ACF8,SHA256=DE82EE7E4C6FFBEDA73842020301C5985AF1FEF8BB6A5AD6BFA15984E93550D8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119939Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60BA-615D-8202-00000000FD01}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119938Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119937Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119936Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119935Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119934Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119933Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119932Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119931Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119930Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119929Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-60BA-615D-8202-00000000FD01}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119928Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.278{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60BA-615D-8202-00000000FD01}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119927Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:22.279{49C67628-60BA-615D-8202-00000000FD01}3480C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:23.898{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D93F6F669551525E6070FFD695C4323,SHA256=78AA46F7B794F9F0EF0558E766B4A65F3E2456E968A908AFB257EA2BB30D6D41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119956Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.591{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7365C03382A22BEE0634466E355966CC,SHA256=341AF832D519FF04A237D7B462605312A170FFB222EB1FBBCEF3CBBC6D133111,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119955Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.513{49C67628-60BB-615D-8302-00000000FD01}39363024C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119954Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60BB-615D-8302-00000000FD01}3936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119953Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119952Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119951Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119950Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119949Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119948Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119947Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119946Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119945Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-60BB-615D-8302-00000000FD01}3936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119944Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119943Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.372{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60BB-615D-8302-00000000FD01}3936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119942Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.373{49C67628-60BB-615D-8302-00000000FD01}3936C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119941Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:23.278{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=61369682CF017E80E67B474D85FA336C,SHA256=65383E3919C4A2D7D49F028C478502C23EDDFC40262208D70B21C804C4EEED42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:24.913{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D336B50AFD994FA1A00190B26222FF3,SHA256=8970291A10732339DD0F17A7028076B92094193D0A5E1D9A85F85E34EC07A4F5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119986Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60BC-615D-8502-00000000FD01}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119985Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119984Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119983Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119982Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119981Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119980Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119979Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119978Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119977Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119976Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-60BC-615D-8502-00000000FD01}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119975Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.935{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60BC-615D-8502-00000000FD01}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119974Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.936{49C67628-60BC-615D-8502-00000000FD01}1996C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119973Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.653{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A232EB014F21D0DAF8BC09782331ADD7,SHA256=3C9A1B6E2AEA6C6DFB82DCB193B67469AB907977446DC3ECDEBD23311DE42FEE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119972Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.591{49C67628-60BC-615D-8402-00000000FD01}18083064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000119971Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.528{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=42EFFEEFA5C45B6374FDA1E58C81AF0A,SHA256=A2A078BFEBC75531B1BDD591371B32804E4E01DE0403C08AB9C01DD5B2B3F7F8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119970Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60BC-615D-8402-00000000FD01}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119969Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119968Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119967Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119966Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119965Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119964Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119963Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119962Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119961Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119960Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-60BC-615D-8402-00000000FD01}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119959Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.434{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60BC-615D-8402-00000000FD01}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119958Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:24.435{49C67628-60BC-615D-8402-00000000FD01}1808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000119957Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:21.788{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50549-false10.0.1.12-8000- 23542300x8000000000000000119988Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:25.700{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1551ACF8DA481FC7C98F260D8D614231,SHA256=B901279DB5742AE7C1891D38CA1F6EBBC84695C696EBC4848DC2186BA8634665,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:25.913{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=15A5A897CC723B28BF2681961F143A23,SHA256=C9557B8400C610EABCB3D84A4EEAC6EF6E02C5DEEFBD55258C6602EB91F23600,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000119987Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:25.075{49C67628-60BC-615D-8502-00000000FD01}19963084C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120003Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60BE-615D-8602-00000000FD01}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120002Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120001Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120000Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119999Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119998Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119997Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119996Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119995Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119994Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000119993Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-60BE-615D-8602-00000000FD01}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000119992Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.981{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60BE-615D-8602-00000000FD01}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000119991Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.982{49C67628-60BE-615D-8602-00000000FD01}3640C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000119990Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:26.809{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=01B0F524E5FCA936B40250E6A3363F73,SHA256=2ACED396BE02A5DE3992573672DC7202F443314A3E2D7EAA50455B85DD6D5F1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:26.944{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E71ED79370B304B30812EBE6696A8E90,SHA256=F3672C542FAC7943761D80D1C6FE176E56B3E5827FE9226D3BC6D153D81740B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000119989Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:25.997{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BADC459575684962AE98E777F4236D25,SHA256=0457FBDD7931BCA4508B8657B6103720CC9D76BDADB83F47662E83914C5DBFCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:27.960{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=982D283C315282E25E0EB6A38ACBF426,SHA256=36F02867C8F9CAEF0F572333A2FDE6D48159EC93BA37312500A68614715F0E26,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120004Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:27.840{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E4EBB1482F38BC1B1498CC57CAE5DAD,SHA256=3DD2C57DC452C8EF9664429CDA7BF6AEBD536C00EEC0F08B1306DAAB148A7C08,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:24.570{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64561-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:28.960{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8387218514F5675424DC58EB396E3C2C,SHA256=C8DFF631F198C2CC0C306BE1E43288232877BCB222249DF252B9B05CE4B5933A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120006Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:28.872{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4DE968CB1EAB353C23C0DA8BD6A1B04,SHA256=8E194E7B8AD805730E73FC0DABCB2AC449A6B9FB4D6A7723C61F09A15A0B3487,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120005Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:28.106{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2E8825A15861C553C927B4BFC1E61053,SHA256=273C4F9E1FFFCB7E611E059A1F0E0EF2B83898A5A161236860A639B8D3BA38B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120008Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:29.903{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B13F28CC4ED566C6AEBE9C558C02EED7,SHA256=225C697309F2B995E310243ABF6CCD8AB09D50845B52408A51EE3F618806E87F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:29.976{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04ABC9AF189D448759ACE9E49284349E,SHA256=95C73B04F64FD51168ABF4F94234C364485087456A5E731EBEA7B6563B2298E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120007Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:27.616{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50550-false10.0.1.12-8000- 23542300x8000000000000000137142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:30.976{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B19CEED028D469AD4AE0822D919D7909,SHA256=34E8C8CFF470F1E9F0F2E0A564FF5B87E7415DA1954834FD7404BACFACD72667,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.991{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=92E499E276E8168277FC22DF3326CC32,SHA256=B7A1C0942B397DA7DAF3226CFFD6F84B9AF484147219A500C0D7611776A7100D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120009Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:30.998{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=100E8D09E9550386B1019881585ED29B,SHA256=6C390A9FC7AA90D515BB01180B2DFF627D138D46BB053FA11A41A98E3687D6E4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.445{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-60C3-615D-B802-00000000FC01}5400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.445{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.445{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.445{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.445{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.445{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-60C3-615D-B802-00000000FC01}5400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.445{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-60C3-615D-B802-00000000FC01}5400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.258{6EDEAD03-60C3-615D-B802-00000000FC01}5400C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000137145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.163{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.163{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:31.163{6EDEAD03-503F-615D-0B00-00000000FC01}624824C:\Windows\system32\lsass.exe{6EDEAD03-503F-615D-0A00-00000000FC01}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a16d|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000120010Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:32.107{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3ED257F5EF669CE284D8423D1FA31F30,SHA256=CB854285923FECDDC8992382C474E7E09BECC8FA50C990903A7BF59B448B9BC3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.538{6EDEAD03-60C4-615D-B902-00000000FC01}54684720C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.320{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-60C4-615D-B902-00000000FC01}5468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.320{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.320{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.320{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.320{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.304{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-60C4-615D-B902-00000000FC01}5468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.304{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-60C4-615D-B902-00000000FC01}5468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.133{6EDEAD03-60C4-615D-B902-00000000FC01}5468C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.288{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7B491CB7779896CBADD6D0B374032A65,SHA256=DA04E56CBB9A43D005924281095AAC65190FF69A459AD009C432BB06D5AD125C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.288{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=670DA25B8FC97A15E362572FFFAF8D39,SHA256=3E680F634D2788060F903797A8035AD37DF09B10935B86C881270E62DEB6E2C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.163{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=3F02BB4A8F71D872C238988C05D98512,SHA256=0D35CD6A3A23CA28FCB7431ABF8D449676CAC4A4FC6709DD4A342B00F6F3F14B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.163{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=B57C312F75F14FE213A69C0A0FBC7EBC,SHA256=6D25F6D65663595515597CE6A62C4660F0A4731A42FA7B09B58212031BF7878A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120011Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:33.123{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7ED2E21BC5D95D8795D68222488F4FE3,SHA256=E9ECA1B20D7551068477EAB8ECA5A135FE1C3652F8E7E30B0243BF3463F92336,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137179Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.413{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-60C5-615D-BA02-00000000FC01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137178Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.398{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137177Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.398{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137176Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.398{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137175Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.398{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137174Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.398{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-60C5-615D-BA02-00000000FC01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137173Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.398{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-60C5-615D-BA02-00000000FC01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137172Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.258{6EDEAD03-60C5-615D-BA02-00000000FC01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000137171Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:30.509{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruefalse10.0.1.14win-dc-676.attackrange.local64563-false8.248.139.254-80http 354300x8000000000000000137170Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:30.503{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61651- 354300x8000000000000000137169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:30.492{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64562-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:33.007{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8FF2CC2BF8A9722C9F85CA471A03D329,SHA256=F764156CBA5EB1DE7D45A6141B84FBE187AF1B5E1957432C976830AD617D1CC5,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120013Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:32.648{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50551-false10.0.1.12-8000- 23542300x8000000000000000120012Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:34.295{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AC673A2E10CAFF36D0910D5C7BC664B,SHA256=941E8EB7393C3B09F5EC6F275570B72E90112481AD0169757EBBD597A5FBA159,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137190Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.741{6EDEAD03-60C6-615D-BB02-00000000FC01}49765648C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137189Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.601{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-60C6-615D-BB02-00000000FC01}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137188Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.601{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137187Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.601{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137186Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.601{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137185Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.601{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137184Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.601{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-60C6-615D-BB02-00000000FC01}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137183Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.601{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-60C6-615D-BB02-00000000FC01}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137182Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.477{6EDEAD03-60C6-615D-BB02-00000000FC01}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137181Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.257{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7B491CB7779896CBADD6D0B374032A65,SHA256=DA04E56CBB9A43D005924281095AAC65190FF69A459AD009C432BB06D5AD125C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137180Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:34.023{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AADA99F810579FE1F61E84EEA335EB93,SHA256=8CF3A2FDFC192592CAC09F40EB0E732F99C7FA225877E140DC87B02CC11D9265,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120014Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:35.326{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6C82AF8C3A3F5307E845295BA7E0ABC,SHA256=4DDAEEC60F87F291F4942F8E5FAA0EED46A3D08A8F0C7E9C7F3C2DBEB6ABB7DA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137215Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.960{6EDEAD03-60C7-615D-BD02-00000000FC01}53801584C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137214Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.773{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-60C7-615D-BD02-00000000FC01}5380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137213Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.773{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137212Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.773{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137211Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.773{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137210Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.773{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137209Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.773{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-60C7-615D-BD02-00000000FC01}5380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137208Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.773{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-60C7-615D-BD02-00000000FC01}5380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137207Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.775{6EDEAD03-60C7-615D-BD02-00000000FC01}5380C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137206Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.585{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2852C6D351EC5988B3DA762B9DD20CEC,SHA256=31914F856FF3DAC5D0D6A610082DF8235E876FE9B2E09EFDD9B28D2937D4E86A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137205Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.507{6EDEAD03-60C7-615D-BC02-00000000FC01}53845388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137204Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.273{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-60C7-615D-BC02-00000000FC01}5384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137203Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.273{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137202Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.273{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137201Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.273{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137200Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.273{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137199Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.273{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-60C7-615D-BC02-00000000FC01}5384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137198Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.273{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-60C7-615D-BC02-00000000FC01}5384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137197Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.274{6EDEAD03-60C7-615D-BC02-00000000FC01}5384C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000137196Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.759{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64564-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000137195Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.759{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64564-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000137194Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.425{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudpfalsefalse127.0.0.1-54103-false127.0.0.1-53domain 354300x8000000000000000137193Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.367{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-54103- 354300x8000000000000000137192Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:32.367{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetrue7f00:1:0:0:98d0:63de:83c2:ffff-54103-true7f00:1:0:0:0:0:0:0-53domain 23542300x8000000000000000137191Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:35.038{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=24A05EA2990AB10B270D5CF9CE363490,SHA256=C4524EDC2A5B6FFC9E1BAF58EE9FFB6B411E375EEB31317F6161501698AA3295,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120015Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:36.435{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=457FA5D4DCF8AF557EABA7E178071B21,SHA256=C3733DB5C41D92877AF06FD3994EAA9B22E29024D2B1A4CD14781FEA76750A17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137217Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:36.788{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BAC09B1EC571372CDD66293A6AC41292,SHA256=03BBC4DA62901E2E5D78867DC002706508AEF754A9486127F19DDDF5AFE54741,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137216Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:36.040{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8EA091953F716836192C2289C639CEA1,SHA256=5C96819B7D40906CF5664E4BB62550D33C9266D630FFAB4458402E19A616C57F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120016Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:37.451{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A377295F29A04DBC9F460766016D8E6,SHA256=FB64E881F3F603987903BB28959BD1FE843629DC1DE365765D21C56114886168,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137226Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.742{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-60C9-615D-BE02-00000000FC01}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137225Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.742{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137224Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.742{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137223Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.742{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137222Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.742{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137221Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.742{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-60C9-615D-BE02-00000000FC01}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137220Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.742{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-60C9-615D-BE02-00000000FC01}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137219Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.742{6EDEAD03-60C9-615D-BE02-00000000FC01}4252C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137218Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:37.070{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BC6E151B9F7D7C6253B85D0D37209BA,SHA256=F8B404C4C52714ACC28608E31BB35CC7FEB97D33C5A6CF2F6AB114766BE40B42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120017Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:38.466{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFC1FA379CEC497CBC039797554C75A7,SHA256=CDFFD326C4BC3F3E7E46C3B1BEC603D290C2CDAA236AE7C8056B789856A49479,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137228Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:38.788{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C12E83A13288D92D197E5DC10EA30A13,SHA256=A23203AF3C1E1F51A34D0E32C5D61CEE6ABDD0F9A4FF0AAB28FB97EBE8B1CD9C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137227Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:38.101{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DED085DBA0F9ED5DC6660F1D47F157AF,SHA256=3A60957B74D5154D7499858A292D696DD95691E2F90128C3C2FFDB9352897790,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120018Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:39.482{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F49FE533E5B429DAE8D2CF1566C691B,SHA256=1955E82FF9EC1EA3E231007A60521E2D47A51A369A5DA697C77A2F0FD6E2AF2D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137230Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:36.477{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64565-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137229Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:39.101{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79CBF9F142668021D1898ABA2C0586C3,SHA256=A0461D36AA23D0CF826FA2BA8D80334393122FDF3EEFAEEF24BE06107876F90A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120020Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:40.497{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB9243DA2D1655F94A5588DE0A3A2B3D,SHA256=10997EBFF08639359DE338268B06E09D5633BF9C6AE01591672327F947ECA356,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137234Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:40.116{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD08E035C5D2EC0184087245DB7BE7FA,SHA256=B6B511359E4AD203EF31CEEC29D5BA57AFC535F1B51820A18CADC40A7BC22A86,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120019Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:37.680{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50552-false10.0.1.12-8000- 13241300x8000000000000000137233Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:39:40.101{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\8EFF07E0-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_8EFF07E0-0000-0000-0000-100000000000.XML 13241300x8000000000000000137232Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:39:40.101{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Config SourceDWORD (0x00000001) 13241300x8000000000000000137231Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:39:40.101{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_3921F692-FD43-40E6-838A-1597F7469C61.XML 23542300x8000000000000000120021Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:41.513{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=546D4709AA6FC4FE4D1A70A26BAD4D8E,SHA256=6455231A3E63729CBCEF62FAC9B6A9625FF9FAFF3863E392D980AE6A6F24FB1F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137242Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:39.451{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64568-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000137241Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:39.451{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64568-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000137240Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:39.445{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64567-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000137239Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:39.445{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64567-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000137238Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:39.431{6EDEAD03-5041-615D-0D00-00000000FC01}884C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64566-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 354300x8000000000000000137237Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:39.431{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64566-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 23542300x8000000000000000137236Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:41.132{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D59E9FCE42342C2883ACF61223460B99,SHA256=FCDCCFE8758FFC5B01A450484A0BB15D6F1D582B84E75AA8B7E960EC9A040932,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137235Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:41.132{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AFAE3E957673B9FFF88E1A9CAC53652,SHA256=858040D07AB74906B2FA22A2CFC98E1B254647FF7DE23B35B42B9CD16BAADFBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120022Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:42.528{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4952897C6052E4792F479E5A8C999932,SHA256=21ECFE0A61A9F4D14466396F1046C239D03EC12ECCBA84FF561F0D9407F9C9E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137243Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:42.163{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E0D9F95F373403CB206C7364F83A9F3,SHA256=0F01DDD4D10D2ECC6FD046169DDFC051A0B06DC9523E510FFEF5977F942FF870,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120023Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:43.544{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4EC3906B70789EC3010ED1730D7645B,SHA256=E3B430ED7432BBE729822674AAFF39452A6A7395612FBFE9F2AF3E39D7FF543A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137245Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:41.586{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64569-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137244Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:43.163{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E596B2C2E6ECF7D9588E1A865433555,SHA256=FA3B5C337B9505568D93B730FDC06EC58D94C96736A405AEB1F444E4CF9D9BD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120025Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:44.560{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B04375126E2538769C395EF7C1C448E,SHA256=2C907FC33497AA80D2EC922C0359083B0D22AF551992BE4FCAE390E4C2F78AD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137246Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:44.413{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C8EFE5D7D6D2F8D9E2D2101BBA2E561,SHA256=9061CAAA22DA7608A683B38DD6BA356C4025CFA4D6744A5B0664A4743288D9D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120024Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:44.263{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120027Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:45.575{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6829BB2A04086591F47F8DDCC3AA226D,SHA256=5CAB579F24F4118F7CAA0DACE81D97D975EC6C2439C19E41BF539D3143EA8C7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137247Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:45.429{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19E86FCF442A50B5CA451E660E055F7B,SHA256=9B29D213191549D5A82583014156663C5998D4FB91F1993C9151B780E5789FE4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120026Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:42.725{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50553-false10.0.1.12-8000- 354300x8000000000000000120029Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:43.772{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50554-false10.0.1.12-8089- 23542300x8000000000000000120028Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:46.591{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=538723A41963FDD8ED351C7FA093AD3E,SHA256=3E2CBB71628A428EE3D3989E68C0FF98EDB0EEB1F1EC652E0E616D9003094682,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137248Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:46.445{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9BDFABB9F2548B61835CD93774A147D7,SHA256=4A41EFBA604AD3AD4DAB7A4E5F7379790A1EBA1B3BDCB0B214A40DA5D58845D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120030Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:47.606{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAC612D7115380D869C1FD87678A7F0D,SHA256=40085D22CE16C8EF355EFCB37B07F44988EA24E34ED528C6CCEDA2C3233C172D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137249Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:47.445{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=735FE72D07D5368BA3F479B0CF836747,SHA256=C0325D3E00E64EC92511F11A6EA9DFE72CC5E82A48EF693010983C765C026110,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120031Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:48.622{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10ECAA6F0F0C612599CB51D197B811D9,SHA256=D985EB9841D309F536ABDFEC30FC77C9FF8D0E89C97B0468B155CA18FE03F793,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137250Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:48.460{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=966C9E72EADE2D7EB08D54357A7FCCA8,SHA256=25136D2BF62D20FC216703562AAD0071168A770AD294020D6003383873996085,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120032Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:49.637{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98960EB20197D0CCF21F940C413A625B,SHA256=513B35EA452436852335868E25B9E10E7189F32A9D9658D77C9ECBAB9F774D7A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137252Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:47.430{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64570-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137251Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:49.538{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA4ED835F4ECE22241B0342767F2D5E6,SHA256=4C1788BF918F9C555BE237CBDCB33C9C3A2A2C765AEBD6E00478C61124A8D621,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120033Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:50.644{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D97D9935D97910BD81238A58DE78335,SHA256=C8CF47CBA6FAA9DE3DBD7D9DC24AB055261991CB118F689EAF968D066D60784D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137253Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:50.559{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCFC404F427873AA32277732EC8720DB,SHA256=8C2F27BA0F78741B177B45CDD96C9A2FAB40D9474CE01BDF312F19FE314D487C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120035Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:48.710{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50555-false10.0.1.12-8000- 23542300x8000000000000000120034Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:51.659{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE67C8EDFAD9F829C70CE9601DE23B9A,SHA256=09A4EC8531ED0C6E8FE4453F0DB4E716D721BA64D34B374B57EB07C046D8D975,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137254Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:51.637{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=185E7F77BC51864EAD14705EC9E52D17,SHA256=BD7C9090BFFD7974D5035D213095845A3F5BC8D958641C0484C20F691758B306,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137255Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:52.653{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C86A3C2A23EAB64BE555F915BFA753E,SHA256=03FD8FD2E7AB74AD42689D768325C79C99AA6A56C92053CFB2A65427C0D0C63D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120036Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:52.675{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F4EA6977E5C7C7B761BC66C7D9AF4F9,SHA256=AE05C89661F192A5C3A48ABA4CDA19CE0B30ED6AF8D1C34A9687FF583A6AFF2D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120037Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:53.690{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6490C275317D0496CEC9B52205BA6F8E,SHA256=09E300DE7E6B05F1B53748014C2295BFA29BCE6264EE5D4D38E76A75CEEAF5B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137256Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:53.669{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A93238B9DAEB58A19349B1BC0B9F13D,SHA256=7B669343617E83CB9ECA97E7FD4FC3F136AAEF363BCB5E3B7C6A6B5B083BDEFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120038Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:54.706{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B079A34AB53BBC33ED43C6FEF3B993A5,SHA256=89C87A704DBFFCFDAA0FDF284C49CC02C3EB8B82FC0FD6065771B87EB4A97818,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137258Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:54.684{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=33C7F94DB2AF113DB2B41D7C2DB17D76,SHA256=6334E1B9FCE9DDDB31DAD90270E479E1302EDA5F8DEBF23B7CB187327978067F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137257Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:54.372{6EDEAD03-503F-615D-0B00-00000000FC01}624788C:\Windows\system32\lsass.exe{6EDEAD03-5024-615D-0100-00000000FC01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30929|C:\Windows\system32\lsasrv.dll+2e287|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x8000000000000000120040Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:55.721{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AF21922ACB26E75CA507C621186DC69,SHA256=EC219594F0814AF1B280A571230E156D8E58B5168D44F9C5BFE82DFA2B203A6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137261Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:55.716{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D0FBEB8BE94F675A6A24F9720498B95,SHA256=64742433CF326E941A7472F1F59C71651952B67BED6584A0890D2FDE41075873,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120039Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:55.458{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-068MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137260Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:55.294{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7AF28B017499FF192BB4573CB206FC8D,SHA256=3ABF2684F2A7F4249B2E18FBBEC8371724C0ACBA2958F326FDF319CAF7CF7F0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137259Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:55.294{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F919773185896B31A37155A5689A151D,SHA256=C4DAD3557212A5C07533AB590776BD82BCC74509D3C07BE6D7C03D7B83968759,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:56.747{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5196BB42435ACD244C55EB5A31E934D9,SHA256=05DBD9E7C3A1ABE0C3D955AB044682F3ED47AB1B01B834C569DF8D4CF7BF6B7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120043Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:56.734{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CC9B4B22D071A905ED70AAFFBCA4F70,SHA256=6A62E5937833BBB5789303C00A587844A9C12B5139AD781922736CA20F72E1B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120042Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:56.471{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-069MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120041Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:53.747{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50556-false10.0.1.12-8000- 354300x8000000000000000137268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:53.704{6EDEAD03-5024-615D-0100-00000000FC01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64574-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x8000000000000000137267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:53.704{6EDEAD03-5024-615D-0100-00000000FC01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64574-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x8000000000000000137266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:53.602{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-676.attackrange.local64573-false10.0.1.14win-dc-676.attackrange.local389ldap 354300x8000000000000000137265Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:53.602{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64573-false10.0.1.14win-dc-676.attackrange.local389ldap 354300x8000000000000000137264Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:53.595{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64572-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000137263Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:53.595{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64572-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000137262Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:53.404{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64571-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137270Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:57.825{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D3DAC8492C47EF796E57E1D4CDC48A0,SHA256=D6A83E19106DE96E5435E437031A6AD1945A7C71D5018C4848D7B61B454C8C65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120044Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:57.737{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D5EB25769B3C66479E03FF08B0ABB16,SHA256=EF875333176D347DFB64F9B921D253D6BD717EDDAD0D26FFBAE13E8BE6C0B60A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137271Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:58.825{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3BCA66B241609887A8A70CC9BF8189B6,SHA256=80C0FFBF18632E24ECFD53217B1FDA88FEB2754D007A4987C207F00B3F24A5EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120045Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:58.752{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EB7C60A8D5B13295D2AD0B205DC9132,SHA256=A1F79C5E77D7646F1A0326F79232FE78B311C78B83A5B38F408FDAFE9B9C08F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120046Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:59.752{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03891C6877E2F48E11B78F3D1EEE2D64,SHA256=49C143293E6D941CAB0E2B3009B92212EC1C0F929C135F3E3B253AF1AB20C8C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137272Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:59.840{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B9A5149CCFA29A11A871F2780ED8975,SHA256=E75F3D94553E52D26A9FF5E5F3AE094DCA3050AFB68D756B58F58FC0A5468BD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137273Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:00.856{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8B8A6A4B7343D8E7FB6A569659AA9E7,SHA256=C345A3784A8259130AFD34B55703AB98F6A848D48CF65112632C570DE526C822,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120047Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:00.768{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25482AD42E647A64905CED3CDFD6C885,SHA256=C83A0FBC75740014F6F4D3A193F0DD4ACF041C9E7828C6966B93EB9125537D67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137275Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:01.887{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9C821603D028EA9A401D45E2E2A7268,SHA256=F16F69E9FCF72107C80D6BDDEED5C4BF532D509F3174812ACC5285F88EB58DA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120058Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:01.783{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E317ADB153DA0E9AD478CA79990560E,SHA256=8DF8026D363F224396444FD4E19816B330B49BA675EAA877ABBCF8899B3F0CA2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137274Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:39:59.404{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64575-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 13241300x8000000000000000120057Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000120056Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00418ba9) 13241300x8000000000000000120055Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7ba85-0x5e740540) 13241300x8000000000000000120054Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7ba8d-0xc0386d40) 13241300x8000000000000000120053Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7ba96-0x21fcd540) 13241300x8000000000000000120052Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000120051Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00418ba9) 13241300x8000000000000000120050Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7ba85-0x5e740540) 13241300x8000000000000000120049Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7ba8d-0xc0386d40) 13241300x8000000000000000120048Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:40:01.361{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7ba96-0x21fcd540) 23542300x8000000000000000137276Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:02.903{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AACE26097B2A93DCC684127A78C2576,SHA256=4D7306FE4FE1D3B75D3C776B696E921BC6FF3E21549CEEB41686A55C9CC31975,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120059Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:02.799{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1427AA7B687E61DC03EAA6F500A33725,SHA256=46C0B8D3283AD1ABED2C70CDA6731551DD939E7BFDE01A41B9388E75E834D706,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120061Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:03.986{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE85128AF6E8B084DF7B3C23DAB57412,SHA256=5427661C9C7B55C9B3AB49933D0D2DA855355A041EAA1EC5D3C37A337A13D30C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137277Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:03.903{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9040B824E8BECFE1077CD6B5C74858C,SHA256=85392AC32E4808E8ACCA7E78C0BE62FF4C088FE6E13ECAAF0495DE27C804C8E9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120060Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:39:59.637{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50557-false10.0.1.12-8000- 23542300x8000000000000000137278Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:04.919{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6A069DB35244DA5A5B27293FE64453C,SHA256=B09E60BF85C8BCD458A2814FBBD613A90B44544735899FC6BD2F9D7F205AA089,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:05.997{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB302E0149269D269DDD5E57BB462E64,SHA256=F8F65E2643D112E0D84EEDBC95B329376497400B2F8CD35952D104B44A952EA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120062Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:05.017{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=143FCA428376D68B4DE79A457D8DA2DA,SHA256=2B7DF0A623B0F279B09D31AA5CEA4F725A3E3DE31C15A79274B8BD17DAB9D7C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120063Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:06.220{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B086518F433A28BC50DCDE41A3DAF910,SHA256=EC84DAD0AFB50A618C52D9B396D124FA8B1268B8750C7B251B1BC6F125FBB386,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:04.529{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64576-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:06.402{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8D0D0F66E3EC14D9BA28C135A7A7A7E3,SHA256=37A2347BD4141144D190BB08414399E8EA2DDC0659099E9BD0F25BD2D4C9E692,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:06.402{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7AF28B017499FF192BB4573CB206FC8D,SHA256=3ABF2684F2A7F4249B2E18FBBEC8371724C0ACBA2958F326FDF319CAF7CF7F0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:06.186{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-068MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120064Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:07.252{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=958B9B8BD55CBDC55E73B83F2F97E293,SHA256=BB70B4F6022AA12395877BD34A2B5152810E86E8998DCC1DE3D4773101FEAFCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:07.200{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-069MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:07.027{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=BF91ECC2634C872146E6940BA10994C3,SHA256=E9B4F6A6CF62EA2F06FF9232F923DFD852E94F88506B5EA4C7A752D86B6EDFA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:07.012{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B4D7F17B357A1EA82814F8CB70619D00,SHA256=E1C1393205DD1A9C80A76A68816782A266C41F91A427F536C877C7238B86A6E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120067Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:08.752{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=BB52613F7B893B7BE894B4A001C017E8,SHA256=3AAAF040362BF091481B3A682B2B858EA3543EA200BF61615AFE261A71AF2576,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120066Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:08.439{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBDCF9AEDED923194585B69C0CFB78C7,SHA256=66DD44F7DD6A36C92E3F51CE44DC06146B481C156B1C1B38357350F4A567CCE3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:08.015{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C75135DF9A76531464235ED9129B3FD5,SHA256=C144963EE60FF177D692ADA203B16920A7FE7E44009F3F8B0F61B75B71B5F381,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120065Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:05.684{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50558-false10.0.1.12-8000- 23542300x8000000000000000120068Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:09.502{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DB0CD3598B0396842A8FB36D32253AF,SHA256=EE1C52C6ADBC457816FD1C0F20AA2393094921F7D4AD20076C53634D394440C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:09.031{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1C10551F32A7DC06AAFB725167034C2,SHA256=96F58E5071AE561BFB7AE74CA1936736621D2A9992A6A55F38F16A958CD0E4F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120069Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:10.535{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79EB1A8962041647F352ABC2CBA00D95,SHA256=1632F9F4C50644F2B3DAD962582AB58E361D747F21978B5C2160400E7582B743,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:10.109{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10939A174B1AF57E900B1B5EEDE18479,SHA256=2E4DD65AE5EEC17C4A262D0D932C03669F61A74703E3FC81C985F2F82AEA419D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120070Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:11.566{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94C095285C7353FF7DBD46D901CE9E00,SHA256=0D2B0EB2A9D48E13018F4E00E0970444F36AE6F2E319765DB376CB1B4C167776,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:11.122{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=278520602A7CC241B74D00C00C9A7C80,SHA256=163CBE43F9F75E67A37C873FA2ED31F6511E3898352D71ACF497902E615551B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120071Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:12.675{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66BB181B0484E06481EE3418268D405C,SHA256=18A6EC0710E52A550E134492D1AEFD637BF8D5E1A5507364A276AB78F0F38C6A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:10.389{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64577-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:12.153{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C53E85A1C664A9701AE9F534E574A7FE,SHA256=69E99B019B3448F0E1C2B951093B7F7C6C16C5B4F806F815B2A9141807935BBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120073Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:13.722{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BF000679CC9CA21269783581685532B,SHA256=C3AAC4EEDEB55BB940B34CA85A4E64AB04BF03F667C301261ED26FF4DF92457D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:13.169{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3886F36726CE45E559D44C5D79ABCBD0,SHA256=3DD2B091E8F432CC40B286B040D51845FA2BBCB67FD600D97BC9EC44AEA3409B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120072Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:10.716{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50559-false10.0.1.12-8000- 23542300x8000000000000000120075Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:14.753{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07AD4B5D4095ABB8C529CE21B1DDEC69,SHA256=4FF1B0A428F61D5C30E54556E62D9412D7F510FFBDC055DE85720CD4E0FC3638,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:14.184{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CCE51E0DA96A94761552910EB25A647,SHA256=97BDEE9A374FDF5A4C988E0B7111E438CA38B6EEC6B8F02529655F1E2C4A7EEE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120074Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:12.671{49C67628-5043-615D-1000-00000000FD01}936C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse193.118.53.210zl-ams-nl-gp3-wk103.internet-census.org55528-false10.0.1.15win-host-340.eu-central-1.compute.internal3389ms-wbt-server 23542300x8000000000000000120076Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:15.956{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4EBBCA74A46AC2A388A792914B14A78,SHA256=3EF1A80A8A83C22FB3D1955FC732CC554C1E8C28926EC48F561262ED95F4C904,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137296Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:13.966{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.15-64984- 23542300x8000000000000000137295Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:15.263{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7884A3EE8C57AD2C0AB10082657CDA9,SHA256=0685099CF352472D8EF8BAEE1AFF13349F42DAFC2EAB00A779CE9CBDFB87649A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120079Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:16.988{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53603305649B7DF7DB5542AC0AB96288,SHA256=FC873EAA460DB6FFF04C5F33A3A119D8CB71820ED9F28166D63E32A3E6A29DCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137297Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:16.356{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=079AE3B6B38E986A8E69A65369E32526,SHA256=2A8860ADFE04BEBEAB3B3D62F3D935CA48F55D7DBDEB9A90190ADC60649C66C6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120078Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:14.062{49C67628-5043-615D-1700-00000000FD01}1244C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudpfalsefalse10.0.1.15win-host-340.eu-central-1.compute.internal64984-false10.0.1.14-53domain 354300x8000000000000000120077Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:14.060{49C67628-5043-615D-1700-00000000FD01}1244C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetruea00:10f:0:0:9860:9a8d:b80:ffff-64984-truea00:10e:0:0:0:0:0:0-53domain 23542300x8000000000000000137298Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:17.372{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFDD3BF27EB12CE3093B2C5B250599C4,SHA256=948E315D30ED8502327DD2E0393BB2546DE73495A223841C065B42E9922EF5C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137301Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:18.919{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137300Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:18.387{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8ED07002BE722318B7088F408B4FA78,SHA256=DB61A459CDC7A0F05A4C0933F0A6FE66B611D3B9ABB61DFB233768DCB4FF25A6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120081Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:16.638{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50560-false10.0.1.12-8000- 23542300x8000000000000000120080Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:18.003{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3F08E04FA4439382D94868271079049,SHA256=E73DD290B4FD73C355D1E73890175D01E548D2FEA0A8636FF98D201D35D18C96,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137299Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:15.529{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64578-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137302Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:19.387{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EFBB3429C4B9094F8945D019F08EBD7,SHA256=D1D3304DA3EB95B08AAF4665CFE85947B55F0D3F06A608A79D22D146CAE0FF4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120082Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:19.019{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBAD60C5234F6FC28ABBC4B37DBFE8D5,SHA256=1D8CFDF3C956A8BE572A77BEFAAC2B6237440FDB72C2BB4A76DF85150628E1CE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137304Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:18.232{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64579-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000137303Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:20.419{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA4BCA12064548B61C8B7A0CD6E00F63,SHA256=E9B09A9E56715CCBE5AA77771F409B77C7095F6394513F3C8E095B17989FED64,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120110Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60F4-615D-8802-00000000FD01}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120109Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120108Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120107Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120106Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120105Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120104Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120103Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120102Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120101Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120100Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-60F4-615D-8802-00000000FD01}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120099Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.831{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60F4-615D-8802-00000000FD01}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120098Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.832{49C67628-60F4-615D-8802-00000000FD01}3460C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000120097Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.300{49C67628-60F4-615D-8702-00000000FD01}27203840C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120096Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60F4-615D-8702-00000000FD01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120095Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120094Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120093Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120092Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120091Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120090Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120089Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120088Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120087Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120086Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-60F4-615D-8702-00000000FD01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120085Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.159{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60F4-615D-8702-00000000FD01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120084Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.160{49C67628-60F4-615D-8702-00000000FD01}2720C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120083Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:20.034{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF29DD7D7035BE965DE9AAE38C017D29,SHA256=A2C9F3DCF93B13ACEE21634046C3AC3F3346337FF64BE28EC764F414A7C9E5B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120113Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:21.300{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E09AD8374CBE6A3BCA84139385653655,SHA256=B4FBC0E41A0BC3F0DEAC2813526806A548E0038EC907AA200DAF200704E7EFCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120112Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:21.300{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F69CAF9A665F01D43ED8BF414013D3D9,SHA256=AE87B7264F3ED4936A1F0F9280E60EF5DCB86659DE63534E1950375CCE561610,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120111Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:21.300{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2AA4FE22E756FD165721AC1BE29B480,SHA256=227A2B84EEC0A4FE6D463C3DC63FFB147E26439E5DFE89DC6CE908C69B8ABBBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137305Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:21.450{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5542A9A3E5EEE68101A85ED6E26DA434,SHA256=39E183007E8750A65E652811AE3E2C40583CA1B882D828DA7D796F1AA4D020DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137306Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:22.466{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DB1E98E0C7169C272AEF1ACCD6EA3DD,SHA256=DA273E8129B3CD6D20956AB92936C61FCD89E3B1E018F2EC5147C506E5DCF542,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120127Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.534{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1CF4F138FA6FA3C6DBBF14821C75079F,SHA256=4347EC401F1B6CB27829CA8DB33933E1172C5EFF6880984CC836A14CE0BF5523,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120126Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60F6-615D-8902-00000000FD01}1136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120125Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120124Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120123Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120122Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120121Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120120Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120119Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120118Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120117Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120116Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-60F6-615D-8902-00000000FD01}1136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120115Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.284{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60F6-615D-8902-00000000FD01}1136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120114Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.285{49C67628-60F6-615D-8902-00000000FD01}1136C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137307Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:23.481{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7AB6A2F58E568163AD29357EF1A15DDE,SHA256=A3E392D6BE22D2FE77EAA2EBD880A96518AEC0D0F0DA1383FA6811267293886F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120143Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.565{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8E1930E01197347A9E0AACD12FE6D0D,SHA256=79FC30E54346C54F93481140693B37EDE6A5D7140F91094659128E916AC65FC1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120142Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.534{49C67628-60F7-615D-8A02-00000000FD01}1928932C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120141Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60F7-615D-8A02-00000000FD01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120140Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120139Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120138Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120137Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120136Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120135Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120134Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120133Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120132Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120131Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-60F7-615D-8A02-00000000FD01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120130Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.393{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60F7-615D-8A02-00000000FD01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120129Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.394{49C67628-60F7-615D-8A02-00000000FD01}1928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120128Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:23.315{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E09AD8374CBE6A3BCA84139385653655,SHA256=B4FBC0E41A0BC3F0DEAC2813526806A548E0038EC907AA200DAF200704E7EFCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137309Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:24.544{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E9D0F1910FCE6F4F5B217564F655F47,SHA256=03E69C3E17BB111EBBCE64AC4F98ACB3C1FD49AE7C1578FCFA3A3378C548101D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120172Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60F8-615D-8C02-00000000FD01}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120171Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120170Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120169Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120168Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120167Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120166Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120165Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120164Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120163Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120162Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-60F8-615D-8C02-00000000FD01}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120161Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.971{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60F8-615D-8C02-00000000FD01}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120160Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.972{49C67628-60F8-615D-8C02-00000000FD01}768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120159Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.581{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB8B6AE9B4573E5B9B1CEE3931E8C198,SHA256=ABF348A65BD01352F160C67893C7DC158027DB0B5CC8036851866CADD1924F3E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137308Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:21.482{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64580-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120158Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.440{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=42A241D160DEB89D60A4DC91FF1D96EF,SHA256=8F14042ABF89DBE1F8DA51B7B447864BBD9A9E635DA5D7847D95F2E782357A68,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120157Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.440{49C67628-60F8-615D-8B02-00000000FD01}100696C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120156Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60F8-615D-8B02-00000000FD01}100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120155Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120154Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120153Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120152Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120151Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120150Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120149Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120148Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120147Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120146Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-60F8-615D-8B02-00000000FD01}100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120145Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60F8-615D-8B02-00000000FD01}100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120144Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:24.300{49C67628-60F8-615D-8B02-00000000FD01}100C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120175Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:25.581{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BDDD38D96B8630369DD66B2CB02343D,SHA256=FAE3CF3D8ABD5615A889F5AA22AD611F0E87F2B74845344BBFF5222C94DE8154,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137310Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:25.559{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66D894A8970364C78893380E9260F3E7,SHA256=19075C64A2233E5A88080D43D4400B3A4D76F0A6F2214E6C459F78A04D55D27B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120174Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:22.622{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50561-false10.0.1.12-8000- 10341000x8000000000000000120173Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:25.112{49C67628-60F8-615D-8C02-00000000FD01}768920C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120190Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-60FA-615D-8D02-00000000FD01}2540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120189Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120188Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120187Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120186Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120185Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120184Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120183Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120182Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120181Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120180Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-60FA-615D-8D02-00000000FD01}2540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120179Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.987{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-60FA-615D-8D02-00000000FD01}2540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120178Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.988{49C67628-60FA-615D-8D02-00000000FD01}2540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120177Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.596{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73CFA8C2741EA373DC0C3F2FCA9C448F,SHA256=73DCBBC2D22463D05F58F8419B7CB708E55D59E2B51D3E9C8F1D2452CC255054,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137311Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:26.575{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1C6F422710E0A1B5800697E07B31087,SHA256=5A76914D879AF30D2B789F33D35DCAC916FB513D2E5FC9CB250FC21B0B55B97D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120176Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:26.003{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FE6099BBEA76F5E1B8CA1C7247E7EA61,SHA256=888023DC4AFD3D14A600308FDC92407FB7945AD32C881C601280F9EBF5AB128C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137312Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:27.591{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DC01C31AACFD70BC414EFF816B490A6,SHA256=9D64957E0515763451557818323243F67CAF041A412661D37E7D876092A463B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120191Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:27.597{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A91BF8CFC814C59960B2014DD3EB76A,SHA256=8DB04316C9556D2ECBDD195D0F21B55F7CAC497B0AB2C7911BBA53FEFA309CCD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137313Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:28.606{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17A11C25274B764593513C3CBF1D42DE,SHA256=FFD77E154A0FE9DE6FB504D43B9442EB6455F8FE6DFDDC80E991E9EB43002DE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120193Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:28.597{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52535491D8A39977FE6CDACC8161AAB5,SHA256=C6D99DE428CF256C53C2B9A535CEF47984E4FA6516904B1038610020C625C419,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120192Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:28.222{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D89F299BBE4762711959985C6B644ADB,SHA256=52336A81B77D7960765CA0D064B80C1AFD707C69D7B11037C3CA74DB59F9AA98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120194Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:29.598{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8F426F24520E953B3F32D2279071D9F,SHA256=11551CA6B07D39EDD7A9E52EC7FAD0CEA0F1CFE6F1657D186DA4BE6617BE41B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137314Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:29.622{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=461486462A33DACE441D1B378C734DBD,SHA256=F7865B0211F6F18150827E3222928BBA107CDBC17398A1C7E84201F3C91B0675,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120196Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:30.628{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=322390A6E9461C82F0641CC9244DBEB3,SHA256=758A6330EA0052978D67DDC052EC416D86FD2CD376E90A29A2CDB40A48E44560,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137316Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:30.652{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5265ABDC301DF8CB99DFA5A0FFB94102,SHA256=D4F16A89434481A23BFCF9915CF92549BCC63144874A55E3847DD7748DFC73A8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120195Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:28.607{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50562-false10.0.1.12-8000- 354300x8000000000000000137315Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:27.467{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64581-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120197Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:31.629{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CE8BB0952DB75B1C24676015C923D90,SHA256=60F5170F4146BD486E492683A0A3FF24B31F146B0092708F23D50075FAF09DEB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137325Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.684{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E6AF2BAA69C6521EC84E96451BE679C,SHA256=D978234A93BEF5944AFCE254866C90FF5DC4B354B6981B206732D5262BCA6BEB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137324Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.262{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-60FF-615D-BF02-00000000FC01}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137323Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.262{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137322Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.262{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137321Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.262{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137320Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.262{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137319Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.262{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-60FF-615D-BF02-00000000FC01}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137318Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.262{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-60FF-615D-BF02-00000000FC01}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137317Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:31.262{6EDEAD03-60FF-615D-BF02-00000000FC01}2444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137337Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.730{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B6355E58DFA172AC6CC7E397BCF60AD,SHA256=3CAB4A8CCC404B12A7962A734EF56061FE06305D4896676D1F4659394B1D42F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120198Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:32.676{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE9DB545A2C3F1B4EFFD6D683A217349,SHA256=B2C60431291D16E47A2D5A82A00F1FAF5996DF88C1C4461D3D9597A6EC21E916,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137336Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.449{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=04611D981A16ADA39EEF2250B0FA6385,SHA256=10DB9AE8E594128A973124133566970EC0EB23D08E562AFB3531C9E6953C9C06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137335Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.449{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8D0D0F66E3EC14D9BA28C135A7A7A7E3,SHA256=37A2347BD4141144D190BB08414399E8EA2DDC0659099E9BD0F25BD2D4C9E692,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137334Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.324{6EDEAD03-6100-615D-C002-00000000FC01}51242904C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137333Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.137{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6100-615D-C002-00000000FC01}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137332Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.137{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137331Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.137{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137330Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.137{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137329Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.137{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137328Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.137{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-6100-615D-C002-00000000FC01}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137327Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.137{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6100-615D-C002-00000000FC01}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137326Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.137{6EDEAD03-6100-615D-C002-00000000FC01}5124C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120199Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:33.676{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA3661114A5FC5D8434B7568D3075E08,SHA256=CF7A438826BA52EC0DE41EDE1B36946FB110C2B3AB40CDA6363A4538DD60F44D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137346Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.746{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C94E156F3577FC4AC64B34CBBEC980EE,SHA256=CE2A95494F52D203D68891973EA44C28660C3000F0F8C361A85EF60F0EC9ABB2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137345Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.262{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6101-615D-C102-00000000FC01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137344Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.262{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137343Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.262{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137342Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.262{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137341Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.262{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137340Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.262{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6101-615D-C102-00000000FC01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137339Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.262{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6101-615D-C102-00000000FC01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137338Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.262{6EDEAD03-6101-615D-C102-00000000FC01}5804C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120200Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:34.677{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C07EA8A6E4569827A4D715CCE2B615F5,SHA256=8E002A5E586B561216C4E6044E0B4FE448EB6A8DF914830E455EB20BE48B9C24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137357Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.762{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=893D4C02238C82659B330B4CADF79710,SHA256=831A401C8D607ED4E2113522FA00C70C3F8E2DCA3F196DD294BAF9281075AB8D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137356Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.668{6EDEAD03-6102-615D-C202-00000000FC01}39765800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137355Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.496{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=04611D981A16ADA39EEF2250B0FA6385,SHA256=10DB9AE8E594128A973124133566970EC0EB23D08E562AFB3531C9E6953C9C06,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137354Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.496{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6102-615D-C202-00000000FC01}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137353Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.496{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137352Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.496{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137351Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.496{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137350Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.496{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137349Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.496{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-6102-615D-C202-00000000FC01}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137348Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.496{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6102-615D-C202-00000000FC01}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137347Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:34.497{6EDEAD03-6102-615D-C202-00000000FC01}3976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120201Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:35.771{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9BF44744C6285C0653248CB1213E2C0C,SHA256=A5911AFA561E5CAEDF424B23B3FEEA9C00D61361A1699235367EDEA1F0D33A63,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.840{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6103-615D-C402-00000000FC01}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137377Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.840{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137376Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.840{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137375Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.840{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137374Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.840{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137373Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.840{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-6103-615D-C402-00000000FC01}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137372Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.840{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6103-615D-C402-00000000FC01}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137371Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.841{6EDEAD03-6103-615D-C402-00000000FC01}4356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137370Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.762{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1953EC86E22310EC7AE5EBC5E38311B8,SHA256=FD7AC34F84436B45F7386056EE7C78DBF31BB2F669C1E1A83DD98677FE2E6F23,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137369Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.763{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64582-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000137368Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:32.763{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64582-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 23542300x8000000000000000137367Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.496{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8746170761A3822A8F82BC031EA6B4AD,SHA256=BE75CD277EBA8A2BC42A5856CD9ADCBDF609E487F36B5BF079E5A78FFF4B7486,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137366Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.324{6EDEAD03-6103-615D-C302-00000000FC01}55764208C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137365Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.168{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6103-615D-C302-00000000FC01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137364Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.168{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137363Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.168{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137362Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.168{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137361Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.168{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137360Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.168{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6103-615D-C302-00000000FC01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137359Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.168{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6103-615D-C302-00000000FC01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137358Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:35.169{6EDEAD03-6103-615D-C302-00000000FC01}5576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:36.855{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C2C480A94E4AFB28AE8930F8AEC3FB07,SHA256=784DCC936107AAE17EA95966C7C8DA4D822C9B34B2AE51B8E2F97EF42F13BFC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:36.777{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4B12523597CF4A8A2D3B61FC4A62FC7D,SHA256=3F1CA355D55DFCD4B9EE2F65EB6EAA283C9A30CBDBB8B2B917F10DA0D5430854,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:33.481{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64583-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000120202Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:33.655{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50563-false10.0.1.12-8000- 10341000x8000000000000000137379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:36.027{6EDEAD03-6103-615D-C402-00000000FC01}43561008C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137391Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.777{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDD70CA399F9C90E6487F7D22CEF07C1,SHA256=5E615BF841E14DD963BE16F3EB29C3245E2AF25C133673D6B6E6DF672FDDEB98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120203Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:37.006{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C1A8FDF5E46AEA570122266E15A22B2,SHA256=6C183805D8CA5C62C45C91D27DBDB9855FADE542193BC62B10C09CFCA606B2D3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137390Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.762{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6105-615D-C502-00000000FC01}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137389Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.762{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137388Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.762{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137387Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.762{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137386Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.762{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.762{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-6105-615D-C502-00000000FC01}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.762{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6105-615D-C502-00000000FC01}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:37.762{6EDEAD03-6105-615D-C502-00000000FC01}5048C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120204Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:38.147{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD2501541CEC31735AF4EAEDAD934423,SHA256=35B5865C93CAB6ADFA35DB81F78133A66237C0CA28983567F1DC54EFD76A9EFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137392Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:38.793{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E1C5E14CCCAC15F02848D1F25B377CCB,SHA256=80DC0D99F00EA4A15B543B7FEFDBFEFC30BFB40B84D308D638A196A00A825A87,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120205Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:39.148{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76EDF500847D6D0E26ED51438F6A9D1D,SHA256=264F1573854D686B561EAB6FDA75B1FA867FAA27A9CA10D1551DF00735D49F4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137393Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:39.012{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94DBE9CE92B5D5A8A6E2F46038B34B9B,SHA256=9A62F09405CDFFF0C364670723F5AF6183747974A8A8D46302CC63267CCE4568,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:38.575{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64584-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137394Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:40.027{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90F595C63F7908D20B12148474974D94,SHA256=2A07696B53AB8E113A254CB40A7874A115F7E30141C145C70F38A8098560A20F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120206Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:40.148{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DA52E5C1C4ACA4F20862ECA44FC1564,SHA256=4A861A8041BD965FAC8B06CDA9582C2CAD3945AEADBBA8A0C5F6C4018DD84378,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:41.059{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E70B177187C5F9DC1512457F0096C46,SHA256=13180BEB86EEECA9042215B1428690645C8CA355C7ED02FD7849EF1A79FFF704,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120208Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:38.689{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50564-false10.0.1.12-8000- 23542300x8000000000000000120207Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:41.164{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9A922738937108C85415DB9CEB299A6,SHA256=851B563C052C42375239B7DBB3D62DE9342F2586995B2AECEAE020A7519E8603,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:42.090{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA8FAC4D6C6150D0FD77929B248D574F,SHA256=CF67EDBE3A5568645673DA8A9088406187C517A29A99C073B8CBD6245808DF31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120209Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:42.165{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E35D26EB435C2B49B73B93AE7F25767,SHA256=EF4BA35DD22292E5E09B68C761D46CB6E956104734C0A0C08B470BF9937EE534,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120210Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:43.400{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B01F9FC78AE4A0473D9F19D8BE61F1F9,SHA256=B084B6B0BDD9C52063BB0C62A961B9EE735B7950F2E6EAEB282BE16436475237,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:43.168{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8A8095770CED818E27303C04CFC4501,SHA256=2A94531596F2FEDE9CBCDD14C0A8945A127DB28846A99E47EAA9DF7408445EF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120212Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:44.431{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9CDD16F146F1954316DFD109D29E396F,SHA256=DE28433F64380DC458F5A8B5180FE106385BDDF8F074701F6196917EEF643E5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:44.184{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74AB87C24AE49F2FAA2F713974DC3529,SHA256=66DD4A2A25DF05F295BE0A4C9EC3E90882AA31EE0EE2648149AD211630B475CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120211Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:44.291{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120214Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:43.800{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50565-false10.0.1.12-8089- 23542300x8000000000000000120213Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:45.494{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7542E72EEB0D67559C0CB5269093A118,SHA256=7E06D7F40CF6B5852BC94F5E4DFC04440E4172D33843B2790924C7BAB0C5872F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:45.199{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CC245D5B2DD7B0C2082BA7B3E69EA7EC,SHA256=CFA0BC619D794754E6A7C68231220BE08D5E159F1DE073BC691D869284CC9C65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120215Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:46.526{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B3B465BFBD6FD06E9E92DAFB28BDD567,SHA256=679810F15EAC11407B12E4B12CDC33B145CDB0154CCAA862695EB177BB2430B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:46.215{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D419281C6737C3091A807E11A349B838,SHA256=0FD3F62889791BF09CCBC4ECA1D7A6A874C3E53325757FAE69D93CFB48B10922,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120217Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:44.582{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50566-false10.0.1.12-8000- 23542300x8000000000000000120216Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:47.605{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F06F35B5ACD01C553FDC8CE217CCFA7,SHA256=5F581CBF9B3B734E8466F5344AA9DD84D482577B7FC0E95447CE8F7DB3B570AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:47.246{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19DB93108A600B2E24FDC62A2286351B,SHA256=4AC9094DC5C752ED02308DA0804973C620D52919A23380F3DA57AAFF3A079745,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120218Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:48.621{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6EF356F6A55329E03DF8CDD4AEB4D0A,SHA256=8952BB387B3C37BCA073871E7A15876E3CB8D52D36BEB7AF45C1766060EE4CB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:48.324{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F0697A2FBC943F980125EB5B71E6651,SHA256=9E31416E6E30A5D4AB113BA477F3881667A2D0A3A051CC380E9AEB8C3BCB5DCB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:44.497{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64585-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120219Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:49.621{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36A8995B3E420C6A9C1F040FAF983E2D,SHA256=C9F77164FD9028ECEBC28F52039FA1C5DF6CED3426D2D87D0C1EC3D67AABE269,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:49.418{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9851A534842AB5B7BEFFD7B89EB825CE,SHA256=BFF711F555EDAE5DFB6285C690406FD400CAFA32F227C4F77372124EF9EBA12A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120220Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:50.757{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDB5C427FF01862CC98576A4B5607029,SHA256=4FFFDCE9061A158CFC16DAC226E97C7B625D8EBA9C5D70FF1685C6EBAB2FD1D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:50.422{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4165C46741627B8174F9CC394A51B7D7,SHA256=2A8F1B8E08D20D32115AA4E3604B37D51AF17E5ECED2E9662799C4EF155F0699,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120221Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:51.788{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B89B3B010A402139DCBCA76D4E0F383,SHA256=2BFC4D041F5BFD0BCD4C2111A7B0911226EC01698B748171CC3A28313A92123A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:51.438{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE831F0A55453F2E2A70595EB71DC6E9,SHA256=8EA337A56AA51C053578283F4C0CA9631B03075D78167D30C8B121EA654A383C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120223Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:50.595{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50567-false10.0.1.12-8000- 23542300x8000000000000000120222Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:52.835{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=707B115653375161F105D513998DE8DD,SHA256=88CF140B3A804DF808409DDC16473CA401FBFAE558BEA4A22AEA7E2D2734BCCA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:52.500{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34C3230F10AF8290C9EA065362BE02EB,SHA256=70F1429A7B6EB6AF63EDBB6232CE7512E6E25C7769F9E01C77450CFBA198C4F8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:49.591{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64586-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:53.531{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5018B3F6D711D4FAD3CB8462F1A314F,SHA256=9DBD6BEF2C2D83C2973E166D5CEC07E9B006BA913DD1CFF7764E441822B983C4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:54.547{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8F6B8A996510C1B6F3E4D012BE2F1E4,SHA256=BA590002A8184751D68A6170187B6752224F3F1F1CE6B9192B8806244D112C95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120224Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:54.069{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D12B885C5DB10AA9C5E1602DB496E114,SHA256=90AFBFA4D68A49AAF1C09A6EB4D18B251016512207543BCFC8E0E644875631E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:55.563{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DD9E508D47E2B23CDC90CF4B4F9FA31,SHA256=09FBED47DBCF96428546C64AFADF1C04CEC23827CDCF5C043A8344C933649875,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120225Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:55.210{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DF359B3DCAAF39DC7B7F9CACE929E066,SHA256=A477BD2BF9447F3007B578F894EE42111EEDA9982B7C518E53717FCF3A546EB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:56.641{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7A16FF67EE74F4275DFDDFCA62A1B42,SHA256=83905EFF5FFF9AE2966EF55B4E0B3B3E32A65FC1FBAA34A8E502039409495E0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120227Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:56.995{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-069MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120226Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:56.304{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E9D60A7B56BB398D62DC9729FCEEC8A,SHA256=DAEEA8846562A8F949B40695EFDDD1DCA29EAAE94F2C6EF2407686D270E6030F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:57.656{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E5D0AF9DB2E021F5752EB702895DED3C,SHA256=03951AE7B3C9BFA321D7C0F1C9AD9A112AB5AD5F4CC516B4D9F7D9039D2A5B66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120228Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:57.505{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75A673595E3990FFE1475DC8DF81557E,SHA256=E59CE0386008C953F1E07EBB37B3A4D73D180DA26886F32E1E8F460DCBE0D833,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120231Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:55.657{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50568-false10.0.1.12-8000- 23542300x8000000000000000120230Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:58.530{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77C8CDCFAADA70009E4A7AA3BC663140,SHA256=836E04AFCD67C7A0575FFBDB6E9703C2C6CFB8E48C95AD04F4535E8286A89A14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:58.688{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82BF2354F7C641B1E917A6BFAADDD379,SHA256=3D599C2CB1EB4DBD3161B012CCEC06C27F483A9E28DDD385271FFDBCDD26AF55,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:55.360{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64587-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120229Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:58.006{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-070MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120232Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:40:59.655{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B12DC2002A1A32FF8F859F683AD61B7A,SHA256=13E3CC4C592F848142617593CFA530A8EA9C2429AE1DF6D37DE32F4BF024F0C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:40:59.719{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D22F0A4B09B2A284E395D6BF2316B1C9,SHA256=3709D63D3699A7F721A49EEE131025CF5F405BDFE24784ED0D3F9085CF4F88BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120233Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:00.780{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C0D48ED89F1B5D91C193C995925B065,SHA256=0FD2650DBDED7FBD8F978B9D7582913768E428B6D84C41698A5DBE22B565CD2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:00.735{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=755E249CEA522F1781F2329469F37498,SHA256=78A0462FC8C3030C95B13A7F5B53F1225A7FCB738CBB93D252CA4F3CB3CF8422,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120234Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:01.796{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=745A4EB5712D4E34966BE4AC0B7A6380,SHA256=FE22A22506CEEF58B27299593E7AB45F15DAA16549D860C908D29F48B79CCFBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:01.797{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21DF16F8CB8A16CF0CBD35DFB0E3E06E,SHA256=D27EB23DDCE50FAF779D51AFA01428A59F1FAD7FFE4A026CBC653428ABAE1B8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120235Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:02.889{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76F66E90380F607C54766E76D0E1FCF2,SHA256=3730458EBC2E7333A1E591FFB9C1B4B7FFA81C1101ECBC2195C32573E977BF05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:02.875{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5497A6DCDD15BFEC3FF785A6BD7A774A,SHA256=867A4956FE362D963B390A7A71214AECC70A34500DADC81A33FAB52614949F6F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120237Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:01.680{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50569-false10.0.1.12-8000- 23542300x8000000000000000120236Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:03.967{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C129B078E8FC95F6D134B3FE7FF159DE,SHA256=F3F0AB928BA0CCE13772BFDF5F450B5EE470492D9F956961617293447A01D7EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:03.891{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8042B8E2B78427F61563B4A6C9017D7,SHA256=54943871D9BBDF569B04990998E148F61A48B3CFEB1D06AEA779B65BE5BF4C09,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:00.517{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64588-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:04.922{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=268BF175CE12F5FF194A52BDADF77FA8,SHA256=612244F954246FDB8F2C705329D619C831F0FD10323B82B70BEFAEC1241C28E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:05.969{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=229F9D1F3D4E2DE031221355539882F6,SHA256=A64F5516D55E3F09752B7B77125A9708D9A99EB15D07E1DFB6A92B64A01619C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120238Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:05.030{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD1F0E46665DA4A495FDB6F219B47648,SHA256=C1DF97C3658E7AD743AE6D8D64A0803B97890D4E0196BF433658F2C70A073F6F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:06.985{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=85C47A448D95DF35A6D85A56F3C43DA7,SHA256=3244ABCA9BD634E0E4E3359655D8941530FC90DB516EF9B97CC1905ADF84DA2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120239Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:06.124{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=402747D6FBA473E929261C64FA198106,SHA256=0405599169F60B3CA15EB3236901B7E75954DF3546F18D57444064AC85A8D833,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:07.985{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71AD5D09CC6A26A21A0F31A5177F80CB,SHA256=FF264ADD85FD54D31E04C1F1C540D79A0915FC27C0A2279CEBE011910E0D6609,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120240Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:07.155{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C9E6AD5DD5472C0879B7C61B3170C0C,SHA256=2D7A81ED44D2BF78E65C61833B46EB9B75094FD9A1E4AEA260917032AF15E8DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:07.722{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-069MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:05.548{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64589-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:07.031{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=99CE2377B3640AFA8CE9A6F5059B3231,SHA256=2BD95BB0BC1908CD05B78F245AA9450326E081EEBE8EDCB627B1A9572AF99F9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120243Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:08.764{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=F4633FACCB0A2433886909A5CC93C66D,SHA256=302EEBF1E87A2E2EEF1195082BC2A10FFFE57B3C9330A86F94D3883A7722D527,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120242Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:05.759{49C67628-5043-615D-1200-00000000FD01}1012C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruetruefe80:0:0:0:3c12:13aa:f5ff:fef0win-host-340546dhcpv6-clienttrueff02:0:0:0:0:0:1:2-547dhcpv6-server 23542300x8000000000000000120241Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:08.202{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B46EBE80C641C243677E46983E6BC806,SHA256=8E43B520B30C956607E54D88B6C73AE1BED8C56F6D560A24D53CECDFD1092836,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:08.737{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-070MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120244Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:09.264{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A6B51A022B501E3ED79623C681F9950,SHA256=277D19FC9F1577993E2E21CA39FA976AAE13E7C5C682A85F62A9502E6C126E9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:09.014{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6AAD4D517EEDA060A32133E51FA924EC,SHA256=F2CADD1A4AC91017C5863DC8BB0684E3832664C7CF8FE876D8628A709A602542,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120246Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:07.633{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50570-false10.0.1.12-8000- 23542300x8000000000000000120245Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:10.290{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=36860AD234E9C48D01D54877391B77AF,SHA256=5D84BB3A18AE9D237B022F7A2CFD97193BBFA765289CFB864AB005B896E38F51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:10.143{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=886D37BC03A1FD15453831A26C9CBE6C,SHA256=8E1AB570BBF9BB62828C43CA8640784F83954885117449A4AB90984B7972926C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120250Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:11.415{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E1F5F61E36890F6B274D5C2C4E20273,SHA256=EE33DD2F4EB4FDCE555FD302BFBD99085FCF76B31B8EEC5B70A23FC99F135C1C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:11.158{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=59E17EFF1A9E295185A2C7FE2039CA3E,SHA256=C3F5A40C7D2F2A279D0877B547A715D399592BF8797BE0243629AD99096BA8C9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120249Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:11.134{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5043-615D-1400-00000000FD01}1080C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120248Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:11.134{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5043-615D-1400-00000000FD01}1080C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120247Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:11.134{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5043-615D-1400-00000000FD01}1080C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000120251Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:12.415{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E94F617F4FE95A84F23F100BB77EF4AE,SHA256=9B8994B175FFF4F04767E9591762120DD04D5F2442E70D5BA3A5C3D19A81E6B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:12.173{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4DB09AB17BA7E1E1332A07F3EE0F3413,SHA256=896DAB8ABE621ACDBED6D9DF41A700B6DFECCAC7A0D77FA29FF5C38780A4838C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120252Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:13.431{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06905478EEDDD11B3285D165D357D17D,SHA256=6D4DA8A00D80D60B401F43F021A34A29D46C4B8EB319C10EB3F2F83F4A3C4D05,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:11.487{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64590-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:13.173{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0D99D2AF27734EB86F09225772834945,SHA256=F997004A9C2096D696459D29A4514B964090022FE8CE6CFAE5D431E6EB1585B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120253Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:14.446{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AD2084056FB76D4EED0B7C7A3360480,SHA256=D58EEE7137F90686DADFDC3DE8916455B85D0743255F24F6DA326CF2637F9DDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:14.189{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11913CB02827BA38A2247267491857E1,SHA256=117B7D9389CAC2AC012BE98B984A90AC0642C3714713F846A82F189E024C0B39,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120255Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:13.659{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50571-false10.0.1.12-8000- 23542300x8000000000000000120254Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:15.462{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46BBCCE3D448DCFA6D2D1084DB276859,SHA256=46DF49F9D7D8F770AD7AE4BFEDC11A7952987E5796E808B58F8436EDEB636460,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:15.220{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BA1480AFE9C33B4D7B7CD00D9FBF0616,SHA256=4FE3790C52C6743840DB3792F2201189E1866E0F34B2D0549868EA0FC7851C14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120256Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:16.478{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC72C076256079854CCDFBC5750F9B9D,SHA256=4B79936D204831CD73A7EB3340A94013DFBD0E6F0A6E5C35E8BE5F41233050E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137439Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:16.236{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB27AE31A500D433EF6B199B0B05FFEE,SHA256=F0C498CDE1DFF8836E4CC98E91C6FE94FD754B813571892FFE5D0EED1A10EA1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120257Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:17.493{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7955E296C21C911B6C9CF267B843C55D,SHA256=93C38A09EAD2512248AE1B2A103F3427E3B37E73F6D65C8E99B65D163C115314,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137440Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:17.314{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A50A11D922791D4C1D3CD326FF99B04F,SHA256=4331C67A575BCDE3E8FA49B66EC02C899B1EDF82AD81A4B68A3CA90EBE03DC5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120258Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:18.509{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D69258E753CCE425AD6678769F66869,SHA256=E352C43708D885DA0FF4DD2F7B152180C1AB21C959D60975AF087A4592F6D3B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137442Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:18.939{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137441Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:18.314{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B46969738C0D705148F02F267C2D46B8,SHA256=9153633EFD2C05D063126617D7EE94C605FF798E97C02120AE96BD6188AD73D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120259Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:19.524{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA9C92EB6FDAC5F6D844E050161E2498,SHA256=C7944B8C4EA508E0E5805C5B226519C2ACDA3FDCF553D149A324D9B3453DFCF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137443Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:19.377{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=943AA3E4118626592215A0CB8428ACC8,SHA256=181804673E20DD69664A9F63DA9533CA56F76985F97E6179D039722A242628EF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120287Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6130-615D-8F02-00000000FD01}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120286Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120285Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120284Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120283Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120282Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120281Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120280Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120279Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120278Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120277Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6130-615D-8F02-00000000FD01}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120276Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.665{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6130-615D-8F02-00000000FD01}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120275Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.666{49C67628-6130-615D-8F02-00000000FD01}3768C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120274Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.540{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D78E9E38CC16BE4826B22877E52F7A6,SHA256=F104C3A54CE036D7CA410D568EF55B2DCCA5ADAAC1B32488ECF948C9D8430D85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137445Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:20.392{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC3790D5F11CE85E4677E00A667ADA7F,SHA256=A21A7CF1F43A3D82190101112A415AF4B4080C8883A5D52A0E4E75A83837363D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120273Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.181{49C67628-6130-615D-8E02-00000000FD01}30842864C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120272Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6130-615D-8E02-00000000FD01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120271Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120270Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120269Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120268Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120267Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120266Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120265Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120264Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120263Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120262Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6130-615D-8E02-00000000FD01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120261Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.040{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6130-615D-8E02-00000000FD01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120260Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:20.041{49C67628-6130-615D-8E02-00000000FD01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000137444Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:17.424{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64591-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120291Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:21.556{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94C74725875D87749A4D343651A17723,SHA256=2913B76ADE893519D52777CCFCFA248F0C7C1BBF3FCC745057A3EFA974D88317,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137447Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:21.408{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57867EB65316A461C514E8061B9DFA7D,SHA256=B2BCE38145C1750F3F7707F89F195B9573E6C2CCFF7136204645320898A6F7B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120290Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:21.040{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B32048961DD7F4677148D933BA77D436,SHA256=31A475FF2309DFACF118518589CB00A150C53EE9601AE2177FCCC6B3145E7FF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120289Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:21.040{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D5B9FA1E6BB63A9ADE117E8438D2CA0E,SHA256=207F529DB9FA2FDD3DE952143F5A3C517FEC430CA25FCD52A7D1CC9F398D45E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120288Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:18.706{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50572-false10.0.1.12-8000- 354300x8000000000000000137446Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:18.252{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64592-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000137451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:22.439{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E15488114D43F6A438D5FE47509B4DE5,SHA256=94D1E2DA3E83B2544C2419CC729704C1EFBE0B60A39D7BFC6327A55DD270B51F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:22.439{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1500-00000000FC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137449Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:22.439{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1500-00000000FC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137448Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:22.439{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1500-00000000FC01}1236C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000120305Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.571{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FED91F81245B7AD96E57B730E0AF7F82,SHA256=CD40FDE530CFC202B7F3760D958DBDD0869B5835570A65E0643564225B0D13B5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120304Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6132-615D-9002-00000000FD01}3028C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120303Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120302Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120301Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120300Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120299Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120298Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120297Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120296Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120295Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120294Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6132-615D-9002-00000000FD01}3028C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120293Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.290{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6132-615D-9002-00000000FD01}3028C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120292Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:22.291{49C67628-6132-615D-9002-00000000FD01}3028C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120321Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.587{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F06379A6B366D773D4D36AA92FEC5D6,SHA256=5F1A77BE378DA4FBD1159F88A59DAAF9A410311608B7E28C7F856F7504BB2015,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:23.455{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8DAECFC8F8641AB665659E9AEBF6B618,SHA256=AF3E65C3842B6C80A1C62E5B27F031A70E220465A1F003D87AF6D849734915FF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120320Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.540{49C67628-6133-615D-9102-00000000FD01}38002784C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120319Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6133-615D-9102-00000000FD01}3800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120318Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120317Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120316Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120315Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120314Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120313Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120312Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120311Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120310Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120309Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6133-615D-9102-00000000FD01}3800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120308Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.399{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6133-615D-9102-00000000FD01}3800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120307Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.400{49C67628-6133-615D-9102-00000000FD01}3800C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120306Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.384{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B32048961DD7F4677148D933BA77D436,SHA256=31A475FF2309DFACF118518589CB00A150C53EE9601AE2177FCCC6B3145E7FF3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120351Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.993{49C67628-6134-615D-9302-00000000FD01}3761304C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120350Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6134-615D-9302-00000000FD01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120349Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120348Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120347Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120346Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120345Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120344Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120343Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120342Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120341Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120340Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6134-615D-9302-00000000FD01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120339Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.837{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6134-615D-9302-00000000FD01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120338Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.838{49C67628-6134-615D-9302-00000000FD01}376C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120337Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.587{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B18822753F86591DAED760569062D990,SHA256=DB751E34469E61697163DFDAD80D7F34F95D95401D4FB4B9DCA934E411D14EC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:24.502{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=599D9510207542D0DEB8336242B373A4,SHA256=961F627CB29CD715F3DAF3F29E54FF31586D131A5B8F4DADB18EFC05F8A87BB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120336Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.446{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2C7C14E4DDD9FC930771A920C4EE1D32,SHA256=3BE02F79C925FEC6C4A6F6B4BD556082D5864D0C428E1728947C19AE683F230F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120335Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.446{49C67628-6134-615D-9202-00000000FD01}28042396C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120334Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6134-615D-9202-00000000FD01}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120333Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120332Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120331Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120330Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120329Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120328Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120327Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120326Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120325Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120324Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6134-615D-9202-00000000FD01}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120323Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.305{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6134-615D-9202-00000000FD01}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120322Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:24.306{49C67628-6134-615D-9202-00000000FD01}2804C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120353Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:25.915{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1A92682FDA57D7BE5F24255CA329814D,SHA256=45BE05EF8F594A243EA9941619D13CF8170E83702772CAA18BBB19F191755E49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120352Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:25.602{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=570CA3A4B91333024FE761F8F3D726B0,SHA256=94F20F0A4346F9FC70A18E190266E3CBA39039A8070E49E1273B87E6403517F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:25.564{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60771A10F8E43DE3BE618FB00A883D6A,SHA256=142F75A9E736FA80888E1EAC192FF5B69CCC98A781077566E28FC79BCCD04334,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:23.424{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64593-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:26.627{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D3E1C2246DB0524423AD2D13E428536,SHA256=DD42698D64E64BBC77E4D742731337A6DD672ED4D7B6368DAF4DCE5B70B531E9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120368Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6136-615D-9402-00000000FD01}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120367Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120366Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120365Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120364Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120363Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120362Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120361Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120360Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120359Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120358Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6136-615D-9402-00000000FD01}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120357Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.993{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6136-615D-9402-00000000FD01}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120356Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.994{49C67628-6136-615D-9402-00000000FD01}3320C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120355Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:26.618{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EB90844E1DC7D21BE2072FF0868318A,SHA256=F590F8AB3F48977EED6B70A20821A4AE302DB18D47D3612200C84B38175E6520,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120354Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:23.721{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50573-false10.0.1.12-8000- 23542300x8000000000000000137457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:27.658{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5EA62544EFB737F7CAE517672D05D720,SHA256=63E797483FAD2DA6903C3FAAD5D9FD2D36D47BD342891007E48FAEC86085D784,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120369Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:27.633{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2E8AAF01007B20A982C4CDB207782BA,SHA256=0346FAB67010349D704708D6299E03A82862351D87B31AE167A63DD899738502,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120371Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:28.649{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0033196AA5049E7E5863B303C58C1D4E,SHA256=0BF60D5DED2B81F82F4DF37A5A31202AA4507CE53D2C31EA1D70FF28BFD78BDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:28.673{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9B5E2157DC704BC7B4D281D9207970A,SHA256=FA57B4DFB8AC4516CA25A24DE3730C380123997239C4357BA4B0F34CD0CEF956,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120370Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:28.040{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C0D4797758E8BA5806AB87B8A33CB314,SHA256=189E9FDD016E13419DAEE48DC21CB1C05BE1B90C959D47688C3365ECB7E7AC99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120372Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:29.665{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8154DD806EF7908BCD9EBBAAB60D8D59,SHA256=FDEED02CFB13E2BB3AF135BAAAFB185FE5D2407CECF825D544E323344AF4F7F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:29.689{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=260B202C29C7516861313779FE01FF91,SHA256=5ADBF474C90B692DAFC7A002C04BAB224524062673D1DED4FF0F71D81C7DD53A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120373Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:30.674{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F7C6450E7C6D11F67935841E77B59CF,SHA256=B53CF29F10407FC09B6AE081E07575BBEA2E91E31950FABA34F0DDF68C40F590,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:30.699{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A44D8B95C1C72DF4027DBF47CD732C0F,SHA256=8064DF22A950A23C7B81101280E33D28CAFFD94D8E19FAC26C54C6FCAEFB0349,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:28.440{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64594-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120374Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:31.690{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CB3D8EF83AB25E7C49F6404D67B8196D,SHA256=6E40FCD28CA2CC7B32AD6ADD90B7A90A9C6279704CFE9AF3F5A84FAD9C7F8D47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.730{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B601E5E7AB36E2164846720C643E4C1,SHA256=0BD8CCCE07026EAC232A77FE77B9115F5CDF24342971093343E181C1ABB9C374,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.261{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-613B-615D-C602-00000000FC01}5360C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.261{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.261{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.261{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.261{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.261{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-613B-615D-C602-00000000FC01}5360C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.261{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-613B-615D-C602-00000000FC01}5360C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:31.262{6EDEAD03-613B-615D-C602-00000000FC01}5360C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120375Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:32.706{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5986E49FCF64A68AC2EBF4913878722,SHA256=FA4B62196B0BB0C8C855A2DA7AC417D04F764C7DB054BB21B297B8A3BBE597DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.746{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16E04335F6281C72823F026943B0C867,SHA256=596002AE193B3E51A31E9F0FC9C6CFA3BC08547823ED050816554C47A5150600,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.293{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3A59379C0E505D9F923F9880EDF760A5,SHA256=FF25B6D09285DAC7274A25B2B3AEDA04A2BDACBF1B0C5404FE4872DB13CEFB40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.293{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A1A5F7995E6283AEF4B4D4CF51F2D451,SHA256=2346347B0B8AA7D441C37E9DD09F3E029499EA1A4A5671F3001743416B73E35D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137479Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.199{6EDEAD03-613C-615D-C702-00000000FC01}54365316C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137478Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.043{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-613C-615D-C702-00000000FC01}5436C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137477Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.043{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137476Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.043{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137475Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.043{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137474Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.043{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137473Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.043{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-613C-615D-C702-00000000FC01}5436C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.043{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-613C-615D-C702-00000000FC01}5436C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.044{6EDEAD03-613C-615D-C702-00000000FC01}5436C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.840{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D6EAF895DC6940A341F448C58843DF5,SHA256=5B9007F5CE0C12F060769BFA46DD250AA279D05B20B65B863E509CEBB9ABBE0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120377Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:33.721{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB9207F18EF6A47348434209D0E42A3B,SHA256=DB2BD94047EBF9FE4273B0E0C261507A7A000DFD57D972529D7DB30442B6A477,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120376Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:29.627{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50574-false10.0.1.12-8000- 10341000x8000000000000000137490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.277{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-613D-615D-C802-00000000FC01}5364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.277{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.277{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.277{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.277{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-613D-615D-C802-00000000FC01}5364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.277{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.277{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-613D-615D-C802-00000000FC01}5364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.278{6EDEAD03-613D-615D-C802-00000000FC01}5364C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120378Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:34.737{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A312E94C257C0EA843DDE5621B993EA9,SHA256=1E30542ABD32BA2142BA8043E0921A1CFDBCA466063B6794EBA8C336F4D23EBE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137504Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.886{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4E6C563E89678570EC2B14AF9DF29B23,SHA256=18C78DF3F658127E22A465048EE581E6953DC5C36AF5712B251F8BD48DEED74F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.778{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64595-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000137502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:32.778{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64595-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 10341000x8000000000000000137501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.699{6EDEAD03-613E-615D-C902-00000000FC01}52164640C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.511{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3A59379C0E505D9F923F9880EDF760A5,SHA256=FF25B6D09285DAC7274A25B2B3AEDA04A2BDACBF1B0C5404FE4872DB13CEFB40,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.511{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-613E-615D-C902-00000000FC01}5216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.511{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.511{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.511{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.511{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.511{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-613E-615D-C902-00000000FC01}5216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.511{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-613E-615D-C902-00000000FC01}5216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:34.512{6EDEAD03-613E-615D-C902-00000000FC01}5216C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.918{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C7D7DD485E5A44554B1A04CFAB97A9C,SHA256=F41F2B2ABEBAB6717639F3D54A746C2EDA3667E21AF8CD7BC627248DABBF9FE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120379Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:35.752{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FD7B8F32A7879FC38340244F53025EE,SHA256=A219C5A7A1A5735E532E7EBF3968E49DFF75A730396EE8A97F0C29CB521F8252,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.808{6EDEAD03-613F-615D-CB02-00000000FC01}4002768C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000137523Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:33.512{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64596-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000137522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.652{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-613F-615D-CB02-00000000FC01}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.652{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.652{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.652{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.652{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.652{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-613F-615D-CB02-00000000FC01}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.652{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-613F-615D-CB02-00000000FC01}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.653{6EDEAD03-613F-615D-CB02-00000000FC01}400C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.590{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=7663551BB3BAABA6E61FF687F914A409,SHA256=9159908AB4ECE838532E1B008E9BDE7ED2531EB236C69074A21D8149F971A3F5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.402{6EDEAD03-613F-615D-CA02-00000000FC01}26805940C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.152{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-613F-615D-CA02-00000000FC01}2680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.152{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137510Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.152{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137509Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.152{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137508Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.152{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137507Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.152{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-613F-615D-CA02-00000000FC01}2680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137506Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.152{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-613F-615D-CA02-00000000FC01}2680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137505Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:35.154{6EDEAD03-613F-615D-CA02-00000000FC01}2680C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:36.933{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D6554251F21C30F1674DDCACA4D586F,SHA256=D82C72E9C8C28B4444BE0C41B37A9461993533619369EBCE4A75D9ECF603F0DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120380Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:36.752{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0B378182DB2F7CBC3339530B35A3C70,SHA256=203E581F81C993BAEA60AC2718DF0942AB764BB26A413818D82770B1C42D87F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:36.886{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FAFAB5C75552529D13BD4BF5CE44591C,SHA256=007B05029871C29048BF423A8ED926D0A3B196883E634927C9090B23B2B2A197,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120382Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:37.768{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B319A0AA1C13ED7F01534C657954098,SHA256=C37DE72BFD4BCF4EA7B154424F0477CC580B7B57BDFC06E0D7408E24465EE0BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.965{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3464E305B7B3D54C348E874504AB5D16,SHA256=9F1159F3CB613139E7192CCE15AF255571CF5CE6EFCD6E05B978F520CD0D59D9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.777{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6141-615D-CC02-00000000FC01}5540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.777{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.777{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.777{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.777{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.777{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6141-615D-CC02-00000000FC01}5540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.777{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6141-615D-CC02-00000000FC01}5540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:37.778{6EDEAD03-6141-615D-CC02-00000000FC01}5540C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000120381Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:34.668{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50575-false10.0.1.12-8000- 23542300x8000000000000000120383Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:38.784{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2173D2E8067693FB67DC494F623D2DCA,SHA256=AAD9630D6DF39CE0909C491C3BB241A8CE9E29C4956FC0F87F136880256B32B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:38.793{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C9C836AA6921238B0EDC742678439F7F,SHA256=260B28DF78B910F76D74E031EACA50C7648BEBB6600EEAACFE6664B3221FDE10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120384Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:39.799{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1600E8D844DBF20F08F6451C7573DF6F,SHA256=04ECCE154FB5D5B7F8248594D8F8A0B62F16673AA87AB98E59441F527D8DB399,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:39.027{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75A0FEC5CE7F714802ABC35F2A841C94,SHA256=78768653A9DF75BD4D689D54B16B42CEBA28E90F9924B406AC503C2EFEE1895A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120385Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:40.815{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F359A02047FBDFD0157FC731AFEEDC8,SHA256=FEFC81A9BC6411A18580EDFE762328702C4B6E8C5B5C9EB146913B745F61A3C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:40.074{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ECDE7649F1A080C0045EB7D275D01D0A,SHA256=D18483E7512C8088E65F0A07618210F6BB08383836444060E8DCD7FE18AA6A06,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120387Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:39.699{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50576-false10.0.1.12-8000- 23542300x8000000000000000120386Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:41.830{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C48254042A546123A2282DE24525B0AA,SHA256=7F8F45CF2261825C0ECDAD1102084F3DB6D90E4747B986D4930AC158D6BE6CB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137540Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:41.137{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=76A4E0EB24BC39B6B08BD6F3C64B60F7,SHA256=4DA617BD775CFD42FB1BEDF3DD84CBC0E036EE4CF7E3B705649CCB118AC61366,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120388Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:42.846{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B64C1617E09ED77287B894A4B2FDAFE8,SHA256=064CAE43696D6A877ABB49329F7A2D62AB33E3A2A4924DBB8D6DD68039225FB2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:39.434{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64597-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:42.152{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFF8388F245173EB8AA5145820CD0B33,SHA256=4C7BAD0730893613118C317BDFC596AAD601CCE6A88FAD6D206EC094E452429D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120389Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:43.861{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BBE9FFE78C984A5AAD1E0D5BD20693D,SHA256=D7C78FD9D7A9CCFB1F871D3C03890C4ECFB4791DC6004A3E540933276AF0A4BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:43.183{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02973DC99AAFF478A2A07487C1A7DBA6,SHA256=1F00B74C70FF0876B9B0602B8C3848441F23C16CC4C698DB1F02D3BED1C5F162,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120391Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:44.877{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91F0D1404EC4D9309E37BF20F8747208,SHA256=6F105A13EB85F4424C1C3133962AA1F1BA6DF99107BD7F6EB8EE5C1BAA7CED40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:44.199{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAC1D04035009750B91F9DCEB44FFDF4,SHA256=646C2E5C506C881DD18CD37F8AB818E410F084DC55ED869EA2384D4279656E11,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120390Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:44.315{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120392Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:45.893{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A72A131A6C3A5649172BB7DE54F4C55,SHA256=CC4C98D3F4F5A907E787FD535192712E416239FA72C2F387CFCEA48A9F9E3C84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:45.215{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6A1726C5E51A6F164BC4DA7FE596B9C,SHA256=67FF545C938548731B7BF05B1830D765A18C7AB006454330C6FE8FA4EA73C1B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120394Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:46.908{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8D11CDA906B85621631BBD53AC7D85A,SHA256=EE6778229F7FC718C76CF6B47BD967D00F81DB7FC26FCECC692DFE37895C27E0,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:44.481{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64598-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:46.261{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25BE3CD13AF5CF477E12784D88DF43C2,SHA256=C5A3A6E49BCB7F72B120350DF867C48B3ECEC9EE526A918563651F77ED546640,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120393Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:43.824{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50577-false10.0.1.12-8089- 23542300x8000000000000000120395Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:47.924{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D80AB014C1E4AF069DFCA9B845E44E05,SHA256=A6E88580116FEF81B011485C714D1794F57F80D280DA2938C6CC6F017DA3C728,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:47.277{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F1920EEDDCFD045765712C78EC0DFA8,SHA256=889BC636CB48735AA29717C2D3E5B6F88FFC9DECC2569DE75CB861209564CC91,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120397Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:48.939{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=562C9B30F621D58B80B6522A7D70B55C,SHA256=57AB795B0300ACA97DD037C048AD69CB84094CADDA5EB97DF91B576966C8D286,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:48.340{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53E7B294E536E56E0B9F4FC8A7F67CDA,SHA256=1123167EE7BB3173A5B16D4CC9F7BB2C6F4F08D6D5EBE98B34865E3F7A2F2F62,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120396Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:45.590{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50578-false10.0.1.12-8000- 23542300x8000000000000000120398Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:49.939{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=535D761EDCDD3B57525318F688B96AC0,SHA256=48517E31A6AF00E556A3EE8E302B9F5BC640EBBFE9FDEEB344C7D8ABD274EC4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:49.355{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E970CA8A40AA6E4A57384C945014E41D,SHA256=3931629AED13C0107A6031E6A50A971495D58227438C9B62AFCD411B628C715B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120399Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:50.945{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94B69864E744E6A6DE7100101C4F0EB7,SHA256=01C76ED7170529CBE4EFE558678A97C1D2AFBB82C27695BF65E75B18310AB932,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:50.376{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD41C1B68C87057673E9A2DDBAD9F1C4,SHA256=EEDC703BF289E6501F4D980DDB5545D2261CA370A03DA8EB02C1EBA61886EF23,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120400Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:51.960{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A92A2DD4D808EFE88FB627E0F731BD5F,SHA256=7F705FCA4AA71C3A4749187A3DE40673E32F3E82CCDC9BAA9C63C17CF2ACF773,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:51.376{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A5F5CF12FE0B9EF0796C8E4AFEC0FAC,SHA256=F56F23245C4B4A3CBE5AD77231656419BE69F63B38056CAC0CEB5999FB31248D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120401Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:52.976{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBD8F214641CE285B424D8952CA2D18D,SHA256=28E1310A607D3E32F0EB5118326F256E88FA11E974A5FB29BC9FB156454A0618,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:52.391{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C76EE21032FDA648ACAE626D0AD94DD5,SHA256=50E2122F8B1FA63DEA111A533C042384A37304BCDCD766CB3762D8903EF46DE1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:50.376{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64599-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:53.485{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66DDB9173B439E21F5564EE4496A3993,SHA256=5020BBBFE1370A22B4D3C27F335182782BA79D603B835D507C033D8D1C8BE7D1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120402Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:50.595{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50579-false10.0.1.12-8000- 23542300x8000000000000000137556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:54.516{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B3E0C7DC38B4EE0852D262F88CDDCB6,SHA256=A0AFDC71298B926F7AAACE26FBB32D2C5B582D5CE50BB4088ED40F5C0950370F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120403Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:54.007{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4150EEA680CEF25DA94CE2B13FC15687,SHA256=8C48E67CB514BC9DCC768BB9012528C99AF849C19AEF892D90A9296C8FD967F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:55.548{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9C566BA914CEA2075AA65BD653A52B3,SHA256=86FD6BC44D2163666441274C975B38C56E51BBA36BDD2653A3917253D901AA63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120404Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:55.038{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2DED5EDD4A3EFA67E6ED059960BFEDB,SHA256=7F81F47A882AC27BE34C94C7CDE3F4B3D24DF187F4FAC99895ACAF5CE9B3EDB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:56.563{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B58676F8AA7A849B65EAC25A47FB8DCF,SHA256=1F947EB5FD635E5FDE93D18FDFEAA0FA2B3E2EFEDB5BAED21AEC70543411911E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120405Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:56.070{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3ECDD46BCD97B4D9F3242E360666F125,SHA256=CB6A610CFF3B43CF73C00DD3FECC05239C6CB7BC00DF95084D78AC48FCFEC634,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120407Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:55.657{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50580-false10.0.1.12-8000- 23542300x8000000000000000120406Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:57.304{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A45A67998F1415646C0191894F2908A,SHA256=641086AD6147B72E6898D18ED17FFCC6455755E50B9B98D5F678525E5A3BFD7D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137559Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:57.579{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFE97E015E5C37A197283453D07065A7,SHA256=D7B5B43C9FE66DC38A52206C7192C9A6F26926A3C79A6F3F21FCADEA6FB2F2D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120409Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:58.526{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-070MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120408Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:58.336{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DDE8CEE72161E36FD92855B91BFEC21,SHA256=CED58BA815EEFEDB49B1B3B33CE12BCD899ABA57F4B9049C37A86E9C6A5A1DA6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137561Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:55.408{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64600-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137560Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:58.594{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51CC510F1BF9CC577BD361420D0A6DC6,SHA256=BA11F733CE921804A9FF41002577354308FC13D36E05D327CAAD63DFDEBB5E3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120411Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:59.530{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26C7720CB40C9710A9E811A92B3E6443,SHA256=7B808AC51573830DAE8470B921D1C458C1CD5BB11F823782DC55FCCEEF388B44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137562Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:41:59.626{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A220E6BD5B8751E0B977CF39DB6540FF,SHA256=2F52EADAC43E869B0CC66E5C42BE0AF5B4C60209A2ACE39CD8C04470B0F30092,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120410Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:41:59.526{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-071MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120412Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:00.759{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=96EFCEB7567FE6F529389AE2EAF326B1,SHA256=56FBC933194B0DFF5BE58CD7B8BBEA87AD2EE8052BB4C923A607CE70EF48B5B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137563Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:00.641{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=603A1178673C545EEB72722BBC093AB8,SHA256=2211F1DB029908DA7FB173EF0EFDE70042DA18D2873D305ECB42BB577B631B3F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120413Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:01.775{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F5ABE034EF0497DBCB6AC91FB6A4647,SHA256=48B044C9E1A717D4DAB26296E0A72E086DA6A6C1A13535C60EBABF37FB009ADD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137564Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:01.719{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=543789BE950D5C7EF394D7C3B7F62523,SHA256=567D3754C6FC866466A2AC9C10FA6844D007A6475064CF4259EAC2CFCF64AEB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120414Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:02.806{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A69BE24DC56D16435301EE87BCB9AF64,SHA256=BD558684B0101D5FD40EFBCB79AB97E5112FD8253EAA30BC255BC5855661F584,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137565Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:02.766{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A83324FDF5FAF58C31A4B73DF6D4828,SHA256=6D67D61EB7EFC6A330936996D030DA3C25B85D4979B5E2D913EAC8425005136B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120416Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:00.784{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50581-false10.0.1.12-8000- 23542300x8000000000000000120415Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:03.853{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9CD8E97536BA12DD563C424FAC51817,SHA256=BFCBD73E77C57553220A05A89000A3DE150374BF62F3C6D76F6F647C00E871F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137566Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:03.798{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A3431949DE3844AA55045544CF3CC47,SHA256=66ABD8A71FC73669967AC42DF92846763D9C3454FCE6BCF10A55DE6ADCE5C712,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120417Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:04.868{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83CF57A809099C8799542206269640D2,SHA256=9FE9E188AA40DF04BF3E79E3CA6BB1FB3894F146CD7E716AB1703D81817C5D3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137568Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:04.844{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B76399EB838EF42771F38FD170ACAF69,SHA256=3CE674840820B030118C0D4CAB049453F801E5E15741553838172BE21EA78F33,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137567Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:01.362{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64601-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120418Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:05.884{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91D9D2AB349052B035DC27282D3711EA,SHA256=A541B106F600FDAE3CE6B655C03C2BADBD27A91969B30EA79BF4E1030487F597,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137569Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:05.860{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EE6779D04008F69B4CC78BB781F8414,SHA256=189893FBA537D78031BD7BF4F16DE68158E6B7FF74B641A94EADC7FD8CACEC06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120419Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:06.915{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=797A7888C17362F2EF116DA866FDF682,SHA256=9C17F222503E47237B3D07202117DADEE80280B5CEE411034D5F1A1EECA65C39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137570Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:06.876{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=242BE45EA2C7BA549BB8904AD6B3DCE7,SHA256=17A896546E27952DADC87F911E3433A640C9DC0A305C4CB3B855BDD65102A79E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120420Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:07.978{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A91CBF44987D9CF491FBC2BF12A5B9CF,SHA256=FCBE8191C17D3CA7607F778425D411EEE437768EEB260513BC38244CDD946CDA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137572Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:07.891{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1EF3C1A9496129641B500223C8225D1,SHA256=15F61569D1D28736F29244A19DE76A772321E6CCDB29909BAA43897260C06705,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137571Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:07.032{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=3AA8B6EF07892212B487617C1CDA0D2F,SHA256=F09E6AC0A967F6B9B5EB4E69F86AE66E90DFEA18E694A6495C611A4ABA714DFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120423Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:08.993{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4595055F61CFC91D4445784EB171588A,SHA256=570819602AE24B2E8B33260AAE88FC5DB0E95DCAF041DBD7CFD3D19CE10B6E58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137573Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:08.893{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADF75EA9880CEB57BC05F9DDA025B545,SHA256=7202683B0119342FFA1C188E0F45BE8AB5DA5F6C87D4EE11E5A3D60191C4D081,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120422Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:08.775{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=408B7541B3F4031C411E0F7293DE4C46,SHA256=517E9DFEF24E4C1AEE3E647437E39FC845B25C9B8738DED7354BFB7A7AE771DC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120421Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:06.581{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50582-false10.0.1.12-8000- 23542300x8000000000000000137576Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:09.939{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0BD96623196EDB419C55FAC5B78C559,SHA256=E0D165A734021376BDD661FA594C367FF6AFAF465FE44DEAD008F0EBC9B9F4A7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137575Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:06.376{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64602-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137574Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:09.254{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-070MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120424Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:10.024{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA60F193A529745F46119083CE99CDFD,SHA256=0E5AE46E554D692A8ED8F6BCF83F6B2F7D9C4F4B8F8CB503345A2122F2155FD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137577Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:10.268{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-071MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120425Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:11.163{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA85E3177D7CDA4C6C5249546DD51BCE,SHA256=88844C456DF32975D475709D069D88C926602307AD0572A82DA4B80E84C9B13F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137578Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:11.034{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=106F40238E7D235EB98CC12CD7AAA949,SHA256=226D5A6179ACD79893F63BBBEDE9F533AF21D09D81589EC723F4BD3209283271,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120426Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:12.178{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD39C45C1F16CAC939157A0FC0FEFA54,SHA256=5588A8E293BFBE779557BA09BE7B70DF665E3454E633300D5176CB915C50E12D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137579Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:12.050{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9DF4D1E868CD7C89C01D8F3B2356B2C,SHA256=84D419180DBBDC50C2D0949A586D01F8D1349B592534A00A7794885A02C4ABB6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137581Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:11.457{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64603-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137580Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:13.097{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BFF4993136193FE4FC9DBDED11F481A,SHA256=AF0B3D80F86DACFB827686EA568D98FEA1C97151F865DBAB7512C6C22500C6E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120427Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:13.194{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5EC78B02D323840378207AD9292DBF1D,SHA256=1ADEC7791BB0E03FB1D2BCCB7F7E7C84B624930D05858D19BCEB0EF25E51729C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120429Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:12.625{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50583-false10.0.1.12-8000- 23542300x8000000000000000120428Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:14.209{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E74E6135F8A2B81FEF6A08D203F075D,SHA256=BA84F2DD287794AE6EAB2CBCCE503518E870E19D439C1C0DCC6B1120BE609E27,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137582Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:14.191{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32F067810BBD4E636E528E1D71FFB7D0,SHA256=2F9CB99F68F23F63E58A2E09FC5D964D518EDA8FD00A167AF6BC4556E23E233D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120430Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:15.225{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CCBC86CD052701EE5D50C2679572383,SHA256=96854809BE709D51B78234051414506757AEFAFB68F48F705600400B1DDEFD35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137583Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:15.191{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FF29A46A3FB0F3FE57F7FAEB8920A7E,SHA256=0FBD050C1ABE98EB07BB9B7C0F86A426523A358954F9B62A27875DAFE9B25F77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120431Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:16.241{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=650B6BB002B5EFAE326F9C0A61DB1705,SHA256=64CE49D148586E55A5A26BDB49D86CC8539E89457A721A13FC51A0BDE0069644,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137584Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:16.206{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E257A4A9198342D1D384CA4F97AA81B,SHA256=96065242414FBBBAA1B17DD9BD0C8A910D7CA443399FE8CEEA8E74E613C602A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137585Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:17.222{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C38DE3E8A0AB48648417E0FF94D99C1,SHA256=18133B46026E2211F721A0D78727592E6170236D63E9736EF5F0CB83B75346CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120432Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:17.241{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=39A6F50DF3456FE57107D2698370D800,SHA256=D68E5D56AB0FBDFB9C6365EA5101994FF9BF41530B237E0B7333D01544D7FAF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120433Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:18.256{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B41607F621C26C60E79D6D464B9F2E6,SHA256=507D881EE661E9340D03A74FF9C612D00F0979ADE968CB3BD9CEE56AB02CB7C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.956{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137607Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137606Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137605Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137604Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137599Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137598Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137597Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137596Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137595Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137594Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137593Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137592Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137591Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137590Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137589Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137588Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137587Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.472{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137586Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.269{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A39C434EF4BFF02B5B44B2297306B51A,SHA256=72987B33C1C3FABB072C488B2656C59437B334A35D32343435E660FF0C1D0449,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:16.488{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64604-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:19.362{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BD97DFE4A7ABB54158341162B4D927B,SHA256=AE9F2E5A957ECEA991397FE928FA2085370EE46B66C1AB815342C9F457650A28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120434Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:19.272{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61BD80AD4BF1D157AECCD5DB1E9A516A,SHA256=F2FC93BCA0AF17417608DB6D0252FE20BD5CE753BEA896561F968C9B117F8DE1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120463Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-616C-615D-9602-00000000FD01}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120462Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120461Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120460Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120459Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120458Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120457Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120456Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120455Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120454Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120453Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-616C-615D-9602-00000000FD01}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120452Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.569{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-616C-615D-9602-00000000FD01}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120451Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.570{49C67628-616C-615D-9602-00000000FD01}1420C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000120450Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:17.750{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50584-false10.0.1.12-8000- 23542300x8000000000000000120449Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.350{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C03323439956A4C269C5F17CC5E1365F,SHA256=56E60623A0697794E75097BC8F7D2755BE47EB771A4FDD895623804BA0F4456D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:18.269{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64605-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000137626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:20.378{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D120482D1B69E576889C51E968853B1,SHA256=D9CB0F974FAB7F3E291313DBFBB6D15C632A1906807161C483A5B6663DFBF27C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120448Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.209{49C67628-616C-615D-9502-00000000FD01}2556920C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120447Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-616C-615D-9502-00000000FD01}2556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120446Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120445Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120444Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120443Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120442Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120441Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120440Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120439Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120438Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120437Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-616C-615D-9502-00000000FD01}2556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120436Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.053{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-616C-615D-9502-00000000FD01}2556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120435Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:20.054{49C67628-616C-615D-9502-00000000FD01}2556C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120466Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:21.553{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0EE36703C65E99A3DB229DD51DFC2DF5,SHA256=E13BDD5C7DF775512181B4856EB3369C768A8843660FCF61B7271FDE20BF80A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137628Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:21.394{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E36BC4FFB225A3AF6DADA4002A3CEE27,SHA256=B9D2734332FE97A6BF2EB7EEA2C6748D505BECA78CDC8A2CB5376FC506F19F22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120465Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:21.209{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F621ACCDF6AEA49DBD2A206A39400C3F,SHA256=32EDA042C3BCE61FDB9814AD9EF09928606A6B2046DED063ECC27FC312CACE44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120464Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:21.209{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=350BEC7F11A8E6E2369A671D5C4DCCE1,SHA256=22B0448C4B189BF46E26F349FE28A480A75469C4BC07F5F478389C33D0E005F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137629Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:22.566{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=127132DAAA5B3F908F155C70DC4AA70B,SHA256=4A3DA702F40E5F460CBFB58D48F91B7989F6591AC39B7129F06A007910F4CBA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120480Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.568{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFBD51BE0FFBD5BFEBE0BB9D688DB47C,SHA256=F8BCF008E49CF7B03A573114A14D26300E1995D4AABE8D15545EC1F7A0CA8B14,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120479Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-616E-615D-9702-00000000FD01}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120478Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120477Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120476Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120475Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120474Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120473Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120472Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120471Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120470Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120469Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-616E-615D-9702-00000000FD01}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120468Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.287{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-616E-615D-9702-00000000FD01}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120467Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:22.288{49C67628-616E-615D-9702-00000000FD01}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000137631Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:21.535{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64606-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137630Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:23.566{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=980F9965F1EE7664A551CA76D1881A62,SHA256=4BA922959A53FFA920CC56E13EE32B80CEE097614D04A9071C2A080C8ECFC332,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120496Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.631{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8524D3F99145B9EB936A4A1A3E27348,SHA256=FEA4CF7EF10ACE018CFCD4344E4470A9C974EFF70E002470E501B0BC40EFC23F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120495Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.537{49C67628-616F-615D-9802-00000000FD01}2972992C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120494Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-616F-615D-9802-00000000FD01}2972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120493Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120492Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120491Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120490Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120489Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120488Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120487Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120486Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120485Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120484Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-616F-615D-9802-00000000FD01}2972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120483Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.412{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-616F-615D-9802-00000000FD01}2972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120482Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.413{49C67628-616F-615D-9802-00000000FD01}2972C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120481Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.334{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F621ACCDF6AEA49DBD2A206A39400C3F,SHA256=32EDA042C3BCE61FDB9814AD9EF09928606A6B2046DED063ECC27FC312CACE44,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120525Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6170-615D-9A02-00000000FD01}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120524Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120523Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120522Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120521Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120520Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120519Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120518Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120517Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120516Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120515Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6170-615D-9A02-00000000FD01}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120514Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.850{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6170-615D-9A02-00000000FD01}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120513Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.851{49C67628-6170-615D-9A02-00000000FD01}4052C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120512Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.725{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BCEE3622B0AB33727810E52B8E825654,SHA256=213D681DD2335534F9767ADA6396728DC0338D41F7BF188C2326E64646FD0D8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137632Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:24.581{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=885D269DF76BF492A8FE8F47A09EBAF0,SHA256=09E8B9F81BDB5AECA32D0346E5E9588B058E49C96D8C83766C72A77308B7FCB7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120511Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.521{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F1C6838ACC21738B146D0D14A1C2A786,SHA256=636D17A2EE24BE914FB9D12B5C0C0406537CF59AFC876DA65B8997B30B887DB9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120510Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.459{49C67628-6170-615D-9902-00000000FD01}19643408C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120509Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6170-615D-9902-00000000FD01}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120508Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120507Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120506Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120505Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120504Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120503Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120502Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120501Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120500Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120499Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6170-615D-9902-00000000FD01}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120498Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6170-615D-9902-00000000FD01}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120497Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:24.303{49C67628-6170-615D-9902-00000000FD01}1964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120528Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:25.850{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A0EA0C8393FCBF22DC7E340F76F8D0EE,SHA256=BA78BDBC9E426A0F1A163C3BDCC9116B673A59575C8834D80740622BC289E9A2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120527Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:25.771{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DCF29CBCABA497CDE09E5164565B7698,SHA256=5CF9D7153A5A3C19FBA39B6A73DBE35151C4051D72B8F96DBFE024C1AF8E9024,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137633Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:25.628{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE8ECAEB6B2230BE76BC0F91903BA34F,SHA256=49C70B5F06B67E63D730059444D1CD95BBBB543262D912AC692F5F099476D2F3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120526Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:25.006{49C67628-6170-615D-9A02-00000000FD01}40523540C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000120530Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:23.609{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50585-false10.0.1.12-8000- 23542300x8000000000000000120529Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:26.771{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4D0A8607CB05DA95162627798BC34AA,SHA256=A2FB702F08E9EFD38BA134E3D193412637E5E3F6C32C0D6ECE68CBDABD627FCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137634Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:26.644{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C3C222C44664EC71914EF52B3BEED17,SHA256=D84298EF0E594F5624014EAA45BE7D8BCBC051F7A69C799AE588864725129C64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120544Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.990{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D96F54D9B5ACE3FE3A5479E54EFCDE91,SHA256=BBCBEF15AFF3A783E8E3AC42B99C1312242BBFCB33A6B8B8116F7FEAE1368CD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137635Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:27.675{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=27717A4FD14D7CC63326407D7C63A11B,SHA256=79C9C855C6A7DDD0F648034545EB83A9A9CDE17A581CB4D8B4A0D4EDA346F8EC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120543Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6173-615D-9B02-00000000FD01}584C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120542Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120541Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120540Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120539Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120538Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120537Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120536Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120535Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120534Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120533Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6173-615D-9B02-00000000FD01}584C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120532Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6173-615D-9B02-00000000FD01}584C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120531Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:27.006{49C67628-6173-615D-9B02-00000000FD01}584C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137637Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:28.691{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EC155199E44F6DC06E6D775E885C25E,SHA256=B2B3C2D7CDA25A05783A1455069B353D5249E912D7E0F537483C9316AB9F6CAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120545Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:28.068{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6F15163649B753693DC5EA83566C1D50,SHA256=8CED0FA4E5C9B355A3FF4CE58EF61E9A4DD7D79772B08B98F0D39F74D0183A32,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000137636Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:42:28.050{6EDEAD03-5041-615D-1000-00000000FC01}376C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7ba8e-0x17f0e7cf) 23542300x8000000000000000137638Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:29.722{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A0A9643A8A44D969BA6CECCC8D982CF6,SHA256=F34B00421004C68C83E78BEB23FD93AC09CB44B0E5228D4A553F10361468E81B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120546Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:29.131{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46F2B28AE8CFB2F3032279695F93CDB1,SHA256=FD3C8389438A64CB471827B9BE32BDF5DBD2CF939E6503D6E2045B460DF20397,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137641Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:30.724{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5119ABDFFF900910300F94C670DF077C,SHA256=E6BD975EB496AE7363A4FFD301C8369EEA3546E90DA64F3236F77ACC0E0F35AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120547Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:30.162{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81C16E307B81C4DDED1AA7B0B258BD57,SHA256=1145911F9BC1C654C75CEA0AFA2390D65C5CCA67982AC0FC7E20E6E9CBEECD2C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137640Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:27.534{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64607-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000137639Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:27.362{6EDEAD03-5041-615D-1000-00000000FC01}376C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.14win-dc-676.attackrange.local123ntpfalse20.101.57.9-123ntp 23542300x8000000000000000137650Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.739{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=001E8E79DA22DD7BC7765C8F7B35412A,SHA256=4A0D9740758899203D550BA381070A28EEBFF082BC8FD7BD5280FCF49DD90BFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120548Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:31.371{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4104EA75AB85F07FD0B646FAFB4CBD2B,SHA256=153F8031812FB6839B70836BBEF73DB617F5A4A60979D629C7A5B38AF9CCA3C3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137649Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.255{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6177-615D-CD02-00000000FC01}5488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137648Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.255{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137647Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.255{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137646Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.255{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137645Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.255{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137644Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.255{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-6177-615D-CD02-00000000FC01}5488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137643Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.255{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6177-615D-CD02-00000000FC01}5488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137642Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:31.256{6EDEAD03-6177-615D-CD02-00000000FC01}5488C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137662Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.755{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4057CAC7CD80D1E2F02E6589488DC655,SHA256=9117D63B5844EB49DD7B10816F03D5252111124A95EEF5B31CC4AF6A53547452,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120550Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:29.625{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50586-false10.0.1.12-8000- 23542300x8000000000000000120549Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:32.387{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=988F6A0529C6EA0FB2F23643F39C7E5A,SHA256=031E15683621CA387FC4BFBF1DCDE35356770EF1DF770DBD84E435F4224B4917,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137661Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.286{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F20188737FC0B894796D66D9D175AA2C,SHA256=31B16783CC7294BDAF0670FD7005C843CDE5E1F5138B78F4082CDEFFACE79D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137660Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.286{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0908078CB557D8B0ED92D6287294EC25,SHA256=38E93F75C923BB75BFAB7AB12F44394F0FA21019DA994F9A7DD2F4BBE25D6CA2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137659Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.177{6EDEAD03-6178-615D-CE02-00000000FC01}55043456C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137658Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.005{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6178-615D-CE02-00000000FC01}5504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137657Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.005{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137656Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.005{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137655Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.005{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137654Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.005{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137653Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.005{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6178-615D-CE02-00000000FC01}5504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137652Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.005{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6178-615D-CE02-00000000FC01}5504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137651Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.006{6EDEAD03-6178-615D-CE02-00000000FC01}5504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137671Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.770{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C483917855860B89A3CE0E01324B6BF,SHA256=CDD3B7F2664D37C848EF3960E2A8093B0125F247DF0B83D76C99657077705520,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120551Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:33.449{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=171171DDF49015351C5AA30277580927,SHA256=1D60FF143489EE342E0F66E8269422B5277FDF983A42D824ED3C57B3A6B7F17C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137670Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.270{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6179-615D-CF02-00000000FC01}6036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137669Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.270{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137668Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.270{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137667Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.270{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137666Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.270{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137665Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.270{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6179-615D-CF02-00000000FC01}6036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137664Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.270{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6179-615D-CF02-00000000FC01}6036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137663Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:33.271{6EDEAD03-6179-615D-CF02-00000000FC01}6036C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000137690Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.942{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-617A-615D-D102-00000000FC01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137689Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.942{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137688Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.942{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137687Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.942{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137686Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.942{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137685Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.942{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-617A-615D-D102-00000000FC01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137684Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.942{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-617A-615D-D102-00000000FC01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137683Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.943{6EDEAD03-617A-615D-D102-00000000FC01}3084C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137682Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.880{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D45DB873F27DDDBDE9FF3DECB5C112CC,SHA256=6683BD51A9CD992FC15152F2ECF0F5F842650EBD552864E595B77CDED5291383,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120552Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:34.496{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BCEDDE951AA5489E4979693BFA62EF5,SHA256=748A6CA239214ADFCAF039E3AFB65233CDB2A20B2869770D1952E66E98748306,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137681Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.489{6EDEAD03-617A-615D-D002-00000000FC01}3685288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137680Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.349{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-617A-615D-D002-00000000FC01}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137679Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137678Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137677Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137676Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137675Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.349{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-617A-615D-D002-00000000FC01}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137674Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.349{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-617A-615D-D002-00000000FC01}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137673Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.350{6EDEAD03-617A-615D-D002-00000000FC01}368C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137672Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:34.270{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F20188737FC0B894796D66D9D175AA2C,SHA256=31B16783CC7294BDAF0670FD7005C843CDE5E1F5138B78F4082CDEFFACE79D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137705Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.911{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DDCBD347DEF08EAD6BD57A5D8F933D4,SHA256=25BD7069587B61006C8F429972CEAC68AB9073BB0F11B2E98F7CFD46556E2E1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120553Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:35.511{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40D952B3442D1A196672720521CCA748,SHA256=F4AE73142F340B44262CF7C9BAC2309287B7827EBB631E231BE9DAB39FA33309,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137704Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.786{6EDEAD03-617B-615D-D202-00000000FC01}57843864C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137703Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.614{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-617B-615D-D202-00000000FC01}5784C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137702Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.614{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137701Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.614{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137700Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.614{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137699Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.614{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137698Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.614{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-617B-615D-D202-00000000FC01}5784C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137697Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.614{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-617B-615D-D202-00000000FC01}5784C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137696Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.615{6EDEAD03-617B-615D-D202-00000000FC01}5784C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137695Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.380{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=4236B68796A2D16EC58717B8601DA643,SHA256=719DC1ACE0F3A9E452C2145FFCCE9886CFCF3FA7C5175A5F6703171EF35A8AB9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137694Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.786{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64609-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000137693Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.786{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64609-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000137692Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:32.539{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64608-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000137691Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:35.114{6EDEAD03-617A-615D-D102-00000000FC01}30843012C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137707Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:36.927{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F67965509C51EC5E979D119019B8DF06,SHA256=97E3B6A0B56BB9A85FF6B0F286656881FA785A18A71534F8AD1247668F9FE65E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120554Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:36.527{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4951D24268CF54F5F098753FF14DCE79,SHA256=1F371616DB6462429DB76D9C718DE20C823D35A3914E589EF6333BC51E5E8371,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137706Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:36.692{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2086565840728603A7F1D97107E54DDF,SHA256=E99A196DE5182B06D3F444D36F61E6BCEA39AC671758252D1267CDD9FD59DD43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137716Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.942{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0849312EC56BC431E9DDF709AC0A6965,SHA256=A95FDF331C864EEDFA71F4B1ADC59BDE3B35F87DF1B2AFEB72810CB7764DB37B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120556Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:34.646{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50587-false10.0.1.12-8000- 23542300x8000000000000000120555Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:37.558{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=359AE135B597A5ED67AF273C009EE008,SHA256=55AF2D96B8532C3CD24FA7A69D7826C66CB2661571900AC1A13B40C9255B5E1A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137715Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.770{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-617D-615D-D302-00000000FC01}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137714Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.770{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137713Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.770{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137712Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.770{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137711Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.770{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137710Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.770{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-617D-615D-D302-00000000FC01}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137709Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.770{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-617D-615D-D302-00000000FC01}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137708Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:37.771{6EDEAD03-617D-615D-D302-00000000FC01}2352C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120557Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:38.621{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9BEEC9E36ACCCC4E5FBDAD234ADB355,SHA256=1BA1F9BD6C0CDD58338453356F9837B4DFDA493F01AA80B6BFC60077E40F1CB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137717Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:38.786{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=9048FE2AE86EFBC2A42BE9C02F08A7A0,SHA256=6BACF39E87DB24B666A8BF4BFDE4276174D5CC05675DCBD79BFF5DC7DE9E54D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120558Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:39.621{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9176208222FB17BC9E932B45E6172BC,SHA256=CB33C1E9AA847B9870D07768F394B45F2A502563DA91300AD0EEE8C6E3743D7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137718Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:39.177{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A5B0A9F303C7F17D0CFEE446C2C220DD,SHA256=F93D8F5AB66981FE8993B23EB22D172FA33E1D0D3C72AA412FF2A41DA497B547,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120559Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:40.777{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7101450AF02E5B99A2D21C8FFDCB2D74,SHA256=A7A19CBE29914D7F6C8D9D542C78FBCE32A7659B1B18751E50E62772F2FD3165,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137719Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:40.255{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14CD9E44095A443BF2B541188593FC40,SHA256=B41F8B73A308AA6285D85982D5ED915F3598123C4A17120E48A3228C1652AEEE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120560Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:41.808{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=654D0BA4AF193424C6059EE14E529D6E,SHA256=92C108AB317FBF122761791415EBCE4F1822244E45E26459BDBDF8E708CB5042,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137721Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:38.427{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64610-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137720Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:41.270{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91152D8BFB760F79A1ECF418218F5BD3,SHA256=A0506887A6393A6EDD3852AA35F4C2AD6613211A466DEDFC88B52F6B1274E481,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120562Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:39.662{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50588-false10.0.1.12-8000- 23542300x8000000000000000120561Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:42.917{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=424784D2CE10E2AB6C4EDFD1BEC62485,SHA256=5D85A36BC7E35080B0820D9E90DA06DA71D8E398FAD9BA3CE3E7D293A3420C88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137722Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:42.286{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1BA570EAE7375E0B062EFB924C2D6942,SHA256=35409890C42806FBDE616CB8C4F2A18E45BB439C142A464360BD22C580F6B45B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120563Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:43.933{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EB10948395F648BDC02D5E784505AF7,SHA256=2E7CEBD1950156788C97C3A61E6155EDC9571B7B963EE9C6F33164B320DB3D09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137723Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:43.302{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FACA604C4B8F142FA94896A13179FE99,SHA256=B57A333D88086B43A4761A756CCF4B35A16491454AD3B087E352AF844CC5B6EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120565Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:44.995{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=014BD8ED742E239E35101717C7AAA0B8,SHA256=D3BCD0AF49EDDCA77BB940716A3774B2EEC2F1A83FDBB5D4C1D6C37C511414F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137724Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:44.302{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD2CE9851265ABEE6A0B6D22ABD928CE,SHA256=B9C3CDA523387C1CF4FAD2F3936976FA657F7777A3AE01FB88968AAE1226E68A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120564Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:44.339{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137725Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:45.317{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37A8773F3BB26D34DC350D3C66E72DB4,SHA256=6D78CFD717FC6E0851547A4D45F76BA4C0CA433C73586BC69EF669A4E9310BE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137726Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:46.333{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F0AFD84D845120FFA8CA566EE5DB0BA,SHA256=711A7F153DE0491C48693083B529DDB1E6FD070AED3EBE14675BF6D47C4D0BEC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120567Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:43.849{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50589-false10.0.1.12-8089- 23542300x8000000000000000120566Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:46.011{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE0866CBD9D8FB65714B07338B3BC926,SHA256=72B8CF4E72674CC11140C56B723ABE63FC565D68B9274488F86427E623874BDB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137728Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:44.396{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64611-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137727Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:47.349{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52AD035EC25BA14662227F01120EF447,SHA256=0CEBE433ED0BC8B45FAC4993748185D99B2C40EAE26003621642F38BCF89E8E5,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120569Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:45.615{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50590-false10.0.1.12-8000- 23542300x8000000000000000120568Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:47.042{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9E89C2003D96752A3CE4F2169D11A5A,SHA256=F7345794A32D3EB18A59CB703576574100AF9AAD633A955CAE90BDF3D9565B52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137729Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:48.364{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5EDB8348E010D3BBD9DDFDD658878032,SHA256=33E5D40986A96D431FB5381E74F98ECAE3C6A0EE45103B80C6AEC6CCF42EAE14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120570Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:48.089{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E416E6EA28B6C2CDA02676635966F73,SHA256=172651248410FF355A245785BAF770A5C8E411CD62CCA3CE1D29DC08417C966E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137730Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:49.364{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8E9952ADDC0FAFAAB2AEA357E5DED8A,SHA256=4FDA78E743DE6A59C788767DBC43B816C9460568AB9F0A79BD2048C579BC1794,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120571Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:49.308{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2C31A5F7C3B4EF5F0C8947358E65E33,SHA256=394F1B93789A52092A3AD1DD8F42FCFC8F1B7CB18081BB2DD8C283EFEFED29C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120572Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:50.336{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13999F9ECA4C270469F6CCD69B632EBE,SHA256=6647571D243B4053DA05785E3B7A8B6990B8E892DB83FA4223DD4E15BB32078B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137731Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:50.423{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AFFACD98FCF9D56726CCAD6CBA315CD3,SHA256=7E99D53F74ED7E1C339F8C6D78CE158EE5962158469831430B55B83EE9FC35FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137732Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:51.501{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E4FA26DB9F72925A70AD4AF77D3749BC,SHA256=585BE7862CEBB86382D83C819BAB24AE1505D5B9E3A26E460A5D798BED9E893F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120573Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:51.476{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DEE0B8AD1FC32F381F46F4BA652D5B64,SHA256=DFFEA277265BFA0BB2ECADF9CE1F19F456E76B86CE24459E7CBFD67B9F6C9DDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137733Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:52.579{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=78690B90D6FCD7CEDA8FBC6C62D511E0,SHA256=99F16EF7238E9416873016FF882F0F5DD88B077B6CB2B69929155C1DAD455DD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120574Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:52.492{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7D537B6BF1766235DCAACE3868FCB5D,SHA256=A7AF0F500827BEA04A0FFCAC50F710B5091C2A3A99BBC165593501D96A35A981,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137735Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:50.423{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64612-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137734Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:53.595{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BCA64AFF704E1ECB5A0ECF8EF05C128,SHA256=C89A79526B2A95CE6F381CACDC4988B6004C36931A23E26E4DEC997FBFA0C8AA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120575Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:53.523{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CAB69E47F1C553EC3A8FDDC7E6CEB58A,SHA256=F660A7E17D0639E52AAFE735A8750640F20BE61258476D818E3F41868CFBF253,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137736Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:54.673{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2C463E9C16A04473D8CBC449618F25A7,SHA256=2C3AD534761B858157E116D6B18B9D562BE0304D010AB05880CE35A84AF297FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120577Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:54.523{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A92D5F8C6D71D025305E52DC410E84D,SHA256=8468D4EE5DF7382E8AF57D84AA9D32140999517C052A68754A1F972AADCDD649,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120576Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:50.736{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50591-false10.0.1.12-8000- 23542300x8000000000000000137737Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:55.704{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7CFAC3FD5B1DDBD02E37B82C65286307,SHA256=3FB4CCE6F3DDDEF028C1F57D868852F2D7E73AE5112BCF3CA99ECAC13F9C5FE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120578Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:55.554{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E03B0846A76C5C119AE85D3F8C1C976,SHA256=EC5757093AE098F11B75368F66A94F5302070AB0A7FCCF906CBA3DA7E88FCC8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137738Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:56.720{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2F342E91F7E7F737CE80B364EB33DFE,SHA256=A0F0397549FF3E86FFC978418040C8949937CDD81C414B180108ABAADEF1A5AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120579Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:56.585{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FCC181A0C3572B9FBFB962E632985C3,SHA256=CA41837D734D07E181C7D663034730FDE3E01EFF8B3382387882573543D2C71C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137739Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:57.813{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82FD5B303F133530DCDD56F303A03BCF,SHA256=901562C3CD0EA28D12FDB201A64BCCA5E78B07D3B2AC9E5D37A0B77C35BBA3CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120580Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:57.601{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4751F7E5762E09DA92B74AC14E735D72,SHA256=FEE53803A1596E368CF08EDF25F20D7B93AD8DEAAA4B420B11EEB0EBF50A64D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137740Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:58.845{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70524E8BCE1224C1282806C01BA2ED47,SHA256=BF23D41DA3D87E8DB0B8E8423AE6EDDE4DAAC9A94A311280E1623D01213258D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120581Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:58.663{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56EDAB182F2757CE6B7DC9CC740D5BB1,SHA256=B2D3C26C956E3E6221F8B599525DD80E837602648B2A7D0D1736E7A207A3A9E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137741Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:59.860{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19CD300DDFF091302F51FD786035537C,SHA256=21C6874FA5212BC6E549DC2E342A90D5BE238E12B3C6128C572814039B07105D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120583Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:59.727{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6DD9622A9D56EBA6AC2E3E8959939344,SHA256=D55F7DFA71A9058E329FF9D9E2840BA5A51E853BD8F92BC1FF12A6A3C5870C3E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120582Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:42:56.642{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50592-false10.0.1.12-8000- 23542300x8000000000000000137743Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:00.907{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89C2B7705268DB2BCA983F817487562B,SHA256=BD75F8223B25C4855A6D492D090915FEDE98E1B22365CC1219EBD8CE74263177,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120585Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:00.837{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=716650BE2AF7FCA918D3AAAAA293C724,SHA256=FC29AD906EFDB0C58B6B01A5B7F6411B96543B68269738EC6E9FBAB18964C938,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137742Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:42:56.438{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64613-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120584Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:00.043{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-071MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137744Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:01.923{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FEFDE58C3D8A883C53FA1BE5C2FFFE18,SHA256=2006F5C275BA83603DEEBDF3AD29339DD274FEB03ECB72DFA3B5763C1899C9BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120587Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:01.852{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32106BD199347DB2629A149E299A9E66,SHA256=6E31FF36F45E1A878223BBFDFCAAD1D87AB9CE5DAF7AB312156800397D6B907B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120586Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:01.040{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-072MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137745Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:02.954{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18DE0492112A1C7BBF184B54B9F0E85A,SHA256=B0EAA991D023ABD5A4262A6B51C27634A9F6604CF6DE190C12B242303A21298D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120588Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:02.867{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=307383CBBE94D353C184333A3C08D1C5,SHA256=38D30F071B2F129C89473CA03055FAEB2F84002CBF1B01C6AC147C84CA8BDC10,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137746Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:03.970{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F1EA6616B0945F3F96906729D82957D,SHA256=CA302C7DCF7807B6EEB4384D37B034681B3F68A8203EFB8271734F9A1DA77893,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120590Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:03.867{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17CFCD281EC20F1428F77DB156DEEB90,SHA256=FE0363E547456ED0D5A0CE978A78366B9299E2AA7F9A85C5D0489519DDC2366B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120589Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:01.642{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50593-false10.0.1.12-8000- 23542300x8000000000000000120591Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:04.883{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=611491D24825655ADF60ED998277BC1C,SHA256=062DDDFC798135B537ECD2A7D1874B26F0D56B040AAE8062A953EF2FB38DCF07,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137747Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:01.548{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64614-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120592Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:05.898{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B66064F3FD8D86B93E03EF58A7022E9A,SHA256=80C04BED82ACB1398E35FE3254D4ABE0C39822E4A92FF38D30B4430F4258EEED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137748Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:05.001{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B6DE60D948DA6ACAD56FAE10C591089D,SHA256=732AD34D51E1B99CC2CC3F4136BC45BB4029D43B83CB906C6B772720D1EA137E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120593Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:06.914{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00BFF100521B4FC0561809C472748CE2,SHA256=9FBC15A2EBEDA17E3A6BCC047BEE18A9D4D66A303E2AB8D2CC987E37D8834AE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137749Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:06.032{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BBC38F3F41ED2E2DDCEC310D1DF9DD25,SHA256=C327E897827CAD9FD9BA6001EBA3AC56A4B4D62A588513AA73441BEDF52528A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120594Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:07.930{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD465E2EC1385A19185D6DA5CDC978A1,SHA256=CDF6135E449D0ACE65692E403A1809AFE3B52D8D7C6F55E95AB0F00BF42C3050,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137751Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:07.048{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=C6AEE9AE2489880645072B669378ED16,SHA256=1A8B6CD30CA35FCD4804DF39E20B2F4277BE4FD5136FD5E5EDEA8737CF12A429,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137750Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:07.032{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=439937ABF602D003EF9E83BBFC14786E,SHA256=4B1488AA8456A1374F4E33132157611172668394B60E822DD2411EA2E3492E48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120596Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:08.945{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=13097E5C108361D4A3D2B41CD11C4A44,SHA256=EC0CF7B130E230F6C0148EFB0810C323399373DB507F66BC220DAB0A244EAFAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137752Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:08.095{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=29F5AA0B6A84DE3633836F643ADC4A6B,SHA256=0C32DE7889F35F4265695FB32A27F09D7DA2FE184AF7CDBFF19F29B14665BC9D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120595Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:08.789{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=500EA172E1891B506C596CC3F5AD4785,SHA256=0FA71798AFF6B022FB2EF1CDDBA2253DA19768C845A334A5CC8B1AC2AE574482,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120597Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:09.961{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F4E801B25C72A314112C1491B232AD4,SHA256=EB7F417CC13BC94C91D733177E8BF8FD273585B04253C25E5B4A9E9A33021400,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137754Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:06.579{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64615-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137753Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:09.110{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77D6F4FB2FA82D5A23CAD86287C1CEFF,SHA256=9AD2D03E2535A480B7D9597A7AE4EB2ABD7BE5D3C0D4665C97A756ABFE99ECD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120598Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:10.961{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E9A70D42A34732E3E3F4B3845132410,SHA256=06587904A9A7AABB6AF78C41B59933C24A99A5EFE569D0AD7B2CB2D59EEAA6C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137756Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:10.801{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-071MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137755Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:10.110{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6187E4F8675872DBF12DD11E0AF519D5,SHA256=84AAFB0441BDB41FBC1200D8DB4CC7A36F0B7AB877503D372DB7CB91624EC1EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120600Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:11.976{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2950F6B2B8AEE887A99296FE39B8372D,SHA256=B1FC904A44A9AF05D72748420B5B9C59BFBCDE726BFC3C8D62AF2534CE13DA11,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120599Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:07.595{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50594-false10.0.1.12-8000- 23542300x8000000000000000137758Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:11.799{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-072MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137757Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:11.345{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E18E21EB48BBE969971252BCF4B81D7,SHA256=E95354461F7D70032CCFC0A2F6FA847FCEBA0DCE7E3FC0A822B2D25DE6626CD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137759Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:12.378{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D84AA44FC05A5956B77672661C59859,SHA256=FDD757EDBF25DDE9639DF69CF419BA3F37C791E43BB8A1B98056D50C1AC70CF0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137760Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:13.440{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=010E20BBC4868AC6C077DAF93BEE427D,SHA256=2152C3F4CC3893056901A2F30DBB7264F7691EFC83E0662A459396AEE164538F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120601Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:13.195{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=018AB6B91EB75D39817E915CCEC48747,SHA256=22522A39E7B13ED0944B042E377136DF177F183873586DF639921AE68D54492F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137762Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:12.347{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64616-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137761Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:14.456{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0AA7A1371D019C3D7F3825285F206260,SHA256=2D73D5D26303EE55CAD5C4AB7658F53D60A416F4CE822F22305C88F422890009,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120602Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:14.211{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F16E2D868262E691D6C0E8BA6A6DF13,SHA256=3AF96F67B634ED859912C8516DAB8169961B12BE1E895048B7FBAA8E0921C02A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120603Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:15.242{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB97A020321C666D5C780A92167E3335,SHA256=F91CFDDCAEACBD21A1E15296638CDC71B1F157488E5AB97B3BC78BB2C83012F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137763Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:15.487{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8BD4596F1E1F37FF3E1C8CB0E87C0EBC,SHA256=7A100BEDB11E02C45C1F872323DC1A166BA3CBCF74B497BD538E570006852B48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120605Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:16.289{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=155EBF38DDA350E000BA61AD1FB66978,SHA256=C13AF0B6A3B13D90624964D04D93564E70FF31930A5B5CFFC7B6F6CA88112866,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120604Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:13.580{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50595-false10.0.1.12-8000- 23542300x8000000000000000137764Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:16.503{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B91744157FE230CF0166023E899958FC,SHA256=304AC7533FBA97966F33D765B00DF1A6D25D27259D91A75B7D9B0F5F11314D8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120606Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:17.290{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9E9C82DE95BB845074CA3082F5F37B5,SHA256=892D7CF18F0AC216BAC23F7DA1081DCC6E2ACF850318843ED604E4FA8FF1C144,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137775Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:17.519{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=62C1E5B0544B10012B0FD5CD30CC1B91,SHA256=D0DEEF9B46714A61DB6C65B26CF7AE942B462962DBDA739D07A315BEC5D07F3F,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000137774Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000137773Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00448b0e) 13241300x8000000000000000137772Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7ba85-0xd2c6546c) 13241300x8000000000000000137771Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7ba8e-0x348abc6c) 13241300x8000000000000000137770Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7ba96-0x964f246c) 13241300x8000000000000000137769Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000137768Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00448b0e) 13241300x8000000000000000137767Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7ba85-0xd2c6546c) 13241300x8000000000000000137766Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7ba8e-0x348abc6c) 13241300x8000000000000000137765Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:17.003{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7ba96-0x964f246c) 23542300x8000000000000000120607Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:18.398{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81ED9C3185400AEECA0DEBCE830769F7,SHA256=F6C4635CC3C1B45EE9D96978132EB888600A67DAD109312A5D29114CDD3F0502,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137777Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:18.987{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137776Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:18.519{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F26D57999B852C5FAB2CDB20A62F4D7,SHA256=7F41C14AAB6DD526BB4B43AEB4A8069370E9B6F4047E443B50DB9B88405AFA59,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120621Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61A7-615D-9C02-00000000FD01}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120620Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120619Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120618Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120617Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120616Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120615Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120614Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120613Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120612Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120611Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-61A7-615D-9C02-00000000FD01}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120610Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61A7-615D-9C02-00000000FD01}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120609Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.961{49C67628-61A7-615D-9C02-00000000FD01}504C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120608Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:19.492{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7F465A3733BE7BACDA7CC4CA1B00E74,SHA256=58E046AB89349D4100FF518EAB9E23211DCA0416A5A572DC8BE744E3BAA3E350,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137779Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:17.393{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64617-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137778Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:19.550{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4244BBA3CFD9B501E58031513D21FA7,SHA256=908940C4C9D5BEABC6376CC938AD5CAA76247ACFEBB4F96559444DE46764C34F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137781Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:18.300{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64618-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000137780Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:20.550{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DE5E84DED9F0D03703FE3A19AAA9EB6,SHA256=1D3A9437AA4A2AA37073914A2E4196157E3053860FFB93ABBB8CEFCC91CF099F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120637Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61A8-615D-9D02-00000000FD01}1204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120636Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120635Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120634Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120633Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120632Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120631Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120630Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120629Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120628Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-61A8-615D-9D02-00000000FD01}1204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120627Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120626Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.586{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61A8-615D-9D02-00000000FD01}1204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120625Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.587{49C67628-61A8-615D-9D02-00000000FD01}1204C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120624Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.523{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=306B597B144C5F2E052184B8BD6D8FA0,SHA256=3A5E3304E9989F9AA2AB4DB2B1A5EEC5DBF3A94FBC9B66A34EEC6F8E562C48D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120623Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.523{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD05434BDD607599223B496847BE0F34,SHA256=F43DF5F3FAAC5D176C505951E024003F892B09E2B88EE6E1D782B5C6C749D378,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120622Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:20.117{49C67628-61A7-615D-9C02-00000000FD01}5044000C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137782Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:21.565{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E6C641A7F323B29A6BC93DAFB2E37ED,SHA256=CF99CFA9D0FAD7E3E1C3E25FFBB27ACEBCA5B6D8A0B5FC1522BA996C918994CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120641Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:21.554{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2EB3E16A48967A862C80730B61C4D4B,SHA256=EAB18D3CF857B27C0260570371A650786DB36B0C2E71112D5A938E473B642111,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120640Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:18.705{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50596-false10.0.1.12-8000- 23542300x8000000000000000120639Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:21.117{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=88320187154CD9847783E00016779C81,SHA256=9EA7894EE308B2D5F86306470EEE30935B4DDBAC504DEF2FB8ED1CDC4E100B55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120638Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:21.117{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D0C7FD5B171F25F7DDCF8A3356C3F925,SHA256=D29FF979DC7E57855F999E67E87130AF80804667FBBD55B52111D7816F920B1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137783Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:22.581{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B52CC56F483CF305C054420CD3F1EE92,SHA256=7EDF1322061436F62C83B355AB2D1F77A5FB49BD0D82CC25F8F6790F1D8DD93F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120655Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.586{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=358E9649A1B81C06001276A2A906D737,SHA256=7F1089D28ED75D062FCFDA3FF584ED2FFDF53F17B4C6CE119503427194F6E69F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120654Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61AA-615D-9E02-00000000FD01}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120653Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120652Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120651Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120650Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120649Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120648Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120647Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120646Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120645Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120644Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-61AA-615D-9E02-00000000FD01}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120643Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.304{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61AA-615D-9E02-00000000FD01}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120642Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:22.305{49C67628-61AA-615D-9E02-00000000FD01}3472C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120671Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.632{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9381250159AC434EB863573DAF7EE184,SHA256=3C1A5501E7CE5D6FCA73ED0895AC83BE5F6E1A68F825437BC700A7B518DD22EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137784Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:23.597{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E92A6B6CE606A74C893929FE1556168B,SHA256=B266101890FF814CCFA2E42B88BB2BF16147C8670E2F98843761A5C372F7C618,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120670Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.554{49C67628-61AB-615D-9F02-00000000FD01}22043288C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000120669Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.429{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=88320187154CD9847783E00016779C81,SHA256=9EA7894EE308B2D5F86306470EEE30935B4DDBAC504DEF2FB8ED1CDC4E100B55,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120668Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61AB-615D-9F02-00000000FD01}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120667Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120666Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120665Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120664Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120663Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120662Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120661Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120660Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120659Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120658Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-61AB-615D-9F02-00000000FD01}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120657Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61AB-615D-9F02-00000000FD01}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120656Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:23.414{49C67628-61AB-615D-9F02-00000000FD01}2204C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000120699Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61AC-615D-A102-00000000FD01}1480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120698Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120697Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120696Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120695Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120694Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120693Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120692Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120691Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120690Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120689Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-61AC-615D-A102-00000000FD01}1480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120688Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.976{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61AC-615D-A102-00000000FD01}1480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120687Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.977{49C67628-61AC-615D-A102-00000000FD01}1480C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120686Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.695{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D93FFCB41F54A9BF2F6F2F43C615A883,SHA256=0DAC3F7147F6914C20BD568A788D3E553829E125038263AAEB821DBF7D7F63C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137785Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:24.612{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E71F5C29B75B8EA8859425CFC1765BF,SHA256=1FE3C792891F02E1BF6FF3D5D01187AC69D8E0AE6BCAF1A048AF71F329E1CECC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120685Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.492{49C67628-61AC-615D-A002-00000000FD01}22803344C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120684Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61AC-615D-A002-00000000FD01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120683Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120682Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120681Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120680Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120679Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120678Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120677Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120676Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120675Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120674Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-61AC-615D-A002-00000000FD01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120673Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.304{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61AC-615D-A002-00000000FD01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120672Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.305{49C67628-61AC-615D-A002-00000000FD01}2280C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120702Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:25.710{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DEEC41F493F0000D001AFC0E1313BAF,SHA256=E76C127CB917092DC9CFE081E9CDFAB41B879895EAC4E2A5E5BDC680379DA463,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137786Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:25.644{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D842F562E008EC328F7B051F119F90FF,SHA256=C7B42BC59E23DB8F524F3104852E37C90D35AB8D9A7B43D7E254A6C086995A67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120701Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:25.320{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FFE6101DF17DF03A3185D426662505FD,SHA256=0607B4386F58B3031C2531A7156F948090068D423D1A6F118A9E4184A291B7D0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120700Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:25.195{49C67628-61AC-615D-A102-00000000FD01}14802500C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000120704Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:24.610{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50597-false10.0.1.12-8000- 23542300x8000000000000000120703Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:26.710{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E048DCA2C1B84FBCB6202836AC9361D7,SHA256=C7605F4517CD07901D7381D45C96AA82A08E96D468D44AB4B7820B467F76746C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137788Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:26.659{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=118C5368FAF2E3606D1DFB26E6D01F11,SHA256=7122B9D66AAAB78C61F2D8770D539EFD421E10E0CABC57E984C7D941E95CE57F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137787Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:22.534{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64619-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137789Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:27.690{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AE06352FEA7BD9F5B4F45DCD28AA278,SHA256=3A3DF2DEA65BA3958E5AD0F445BFD6917F3E4A5379864485A230E5943E4B59CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120718Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.726{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=459B5BA67A2A3AE4536D95013F2F3D3D,SHA256=9683D7B4897052AC7AA41B6D17B9B45F81995F5843A57910DDF095D3E10AC4F6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120717Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61AF-615D-A202-00000000FD01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120716Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120715Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120714Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120713Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120712Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120711Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120710Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120709Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120708Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120707Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-61AF-615D-A202-00000000FD01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120706Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61AF-615D-A202-00000000FD01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120705Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:27.023{49C67628-61AF-615D-A202-00000000FD01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120720Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:28.741{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBB9EE23CBF93FD52A8F891497DE9050,SHA256=0E944E6C0DC5FA5D09A4F0C4A9D1FF1C81DAE37A396DD2FD923E257D49233DFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137790Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:28.769{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F402A4772889B78E8AF5986492408C1,SHA256=4346E051E88366ED636BB1ED8B34B1D00EC4CDC1862BD30967672C0BFBB0D1EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120719Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:28.054{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=243E74FDF17A7BDE7DA672191D8FBF42,SHA256=6E00FCC54D23E75C18DFDCDC67CDB2C82F1EB3E2E01D7FE15AC896CC47D54E94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120721Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:29.773{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0240EB757646D857BAEDC0269B1BF45,SHA256=D2EE9DC1596BCBFA44F7F13882E749A616A295F1938B02A89BBB93AE3D2D6E46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137791Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:29.769{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5698280D96C3ED44196E44DF6C290BB,SHA256=50258D6E9520D45378B79E19DBF8B8A9F2D50F91B554EDE6E6007DFDBE699565,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120722Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:30.778{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DC671A6403BCA785558D3F04CD2CECA2,SHA256=41D8830F5C961466616700E9AE884CD37B6623A4D56491653F83620C2FE812B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137792Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:30.771{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73DD2FBCC3AB1A8D8D650222D22F8C60,SHA256=2FC70A47C901D7BCD540D2380233F29B74DE35D3C81965F9176C6ADB5A5D5E65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120723Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:31.793{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADCA1D7A9441D1DC5210BF82A41617D4,SHA256=83F942CF38A46A8C6EEF756DE8BD512D99969CF8A9131EF43053843E19DCC6E2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137837Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.880{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-61B3-615D-D702-00000000FC01}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137836Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.880{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137835Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.880{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137834Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.880{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-61B3-615D-D702-00000000FC01}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137833Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.880{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137832Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.880{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137831Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.880{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-61B3-615D-D702-00000000FC01}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137830Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.883{6EDEAD03-61B3-615D-D702-00000000FC01}3652C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137829Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.880{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6328BBEC277510D2C70D873BAFF81764,SHA256=B9C8E2A2B2E01C2EA17E9E6A3E26025DF48878E52C6A9FDCC7D3431EC773C39D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137828Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.552{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=FEC10D032D4C1482EC3344D080A18D86,SHA256=CBDF3330B6C32FD99081CE872B01E880416AC799D4023A8AE33EE52F1179E5F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137827Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.552{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=3F02BB4A8F71D872C238988C05D98512,SHA256=0D35CD6A3A23CA28FCB7431ABF8D449676CAC4A4FC6709DD4A342B00F6F3F14B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137826Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.537{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137825Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.537{6EDEAD03-5041-615D-1600-00000000FC01}1292756C:\Windows\system32\svchost.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137824Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.521{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137823Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.505{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B3-615D-D502-00000000FC01}5596C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+7396|C:\Program Files\Mozilla Firefox\firefox.exe+57b9|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137822Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.490{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137821Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.490{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137820Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.490{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137819Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.427{6EDEAD03-538E-615D-FD00-00000000FC01}1004524C:\Windows\system32\csrss.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137818Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.443{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137817Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.443{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137816Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.443{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137815Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.427{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137814Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.427{6EDEAD03-61B3-615D-D502-00000000FC01}55962436C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+8ba5|C:\Program Files\Mozilla Firefox\firefox.exe+57b9|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137813Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.442{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe92.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372MediumMD5=DBDB3EFACC3D9039A4F5703662099178,SHA256=534A44A08893AFBE78E04B4CFF80BD00BFC40562A923E8AF38E240227A643FFB,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-61B3-615D-D502-00000000FC01}5596C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000137812Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.427{6EDEAD03-61B3-615D-D502-00000000FC01}55962436C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+7396|C:\Program Files\Mozilla Firefox\firefox.exe+57b9|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000137811Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.localInvDBSetValue2021-10-06 08:43:31.396{6EDEAD03-5041-615D-1200-00000000FC01}848C:\Windows\System32\svchost.exeHKU\S-1-5-21-1984405510-3441252591-1346373189-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Mozilla Firefox\firefox.exeBinary Data 10341000x8000000000000000137810Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.380{6EDEAD03-5041-615D-1200-00000000FC01}8484828C:\Windows\System32\svchost.exe{6EDEAD03-61B3-615D-D502-00000000FC01}5596C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137809Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.380{6EDEAD03-5041-615D-1200-00000000FC01}8484828C:\Windows\System32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137808Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.349{6EDEAD03-538E-615D-FD00-00000000FC01}1004524C:\Windows\system32\csrss.exe{6EDEAD03-61B3-615D-D502-00000000FC01}5596C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137807Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137806Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137805Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137804Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137803Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.349{6EDEAD03-5391-615D-0E01-00000000FC01}4800400C:\Windows\Explorer.EXE{6EDEAD03-61B3-615D-D502-00000000FC01}5596C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+a909f|C:\Windows\System32\windows.storage.dll+a8d15|C:\Windows\System32\windows.storage.dll+a8806|C:\Windows\System32\windows.storage.dll+a9c78|C:\Windows\System32\windows.storage.dll+a862e|C:\Windows\System32\windows.storage.dll+ab445|C:\Windows\System32\windows.storage.dll+ab7c4|C:\Windows\System32\windows.storage.dll+aae00|C:\Windows\System32\windows.storage.dll+ad62a|C:\Windows\System32\windows.storage.dll+ad3e2|C:\Windows\System32\SHELL32.dll+3f8bd|C:\Windows\System32\SHELL32.dll+3e456|C:\Windows\System32\SHELL32.dll+801d1|C:\Windows\System32\SHELL32.dll+6716e|C:\Windows\System32\windows.storage.dll+10932|C:\Windows\System32\windows.storage.dll+10629|C:\Windows\System32\windows.storage.dll+104ff|C:\Windows\System32\SHELL32.dll+80257|C:\Windows\System32\SHELL32.dll+6716e|C:\Windows\System32\SHELL32.dll+18cf2c 154100x8000000000000000137802Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.351{6EDEAD03-61B3-615D-D502-00000000FC01}5596C:\Program Files\Mozilla Firefox\firefox.exe92.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372HighMD5=DBDB3EFACC3D9039A4F5703662099178,SHA256=534A44A08893AFBE78E04B4CFF80BD00BFC40562A923E8AF38E240227A643FFB,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 10341000x8000000000000000137801Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.255{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-61B3-615D-D402-00000000FC01}4348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137800Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.255{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137799Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.255{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137798Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.255{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137797Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.255{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137796Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.255{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-61B3-615D-D402-00000000FC01}4348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137795Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.255{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-61B3-615D-D402-00000000FC01}4348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137794Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:31.256{6EDEAD03-61B3-615D-D402-00000000FC01}4348C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000137793Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:28.503{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64620-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000137841Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:32.427{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=FEC10D032D4C1482EC3344D080A18D86,SHA256=CBDF3330B6C32FD99081CE872B01E880416AC799D4023A8AE33EE52F1179E5F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137840Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:32.380{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=177C3354ABA3FA5CEE1C720FF4AD6921,SHA256=D04D7EB83833E3AAB77B7DD7311FF6E6CB3CA6D28EEBD0C817518EE73CEDFEA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137839Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:32.380{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6519550FC762DD3B4CDA15B08DA60EED,SHA256=87FEC69C36E059FB3477816A2982321062C623B8313045E39B24D0AF5C6E3FF5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137838Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:32.068{6EDEAD03-61B3-615D-D702-00000000FC01}36523520C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000120725Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:29.704{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50598-false10.0.1.12-8000- 23542300x8000000000000000120724Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:33.012{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EE51C027E770EFD7D85E6CDFFCCDFD27,SHA256=782AD938ADE46A922D707967D75CB6FADF3997A5B8F29229193BF2BB411C3E2E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138054Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.974{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138053Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.974{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138052Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.974{6EDEAD03-503F-615D-0B00-00000000FC01}624672C:\Windows\system32\lsass.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138051Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.974{6EDEAD03-503F-615D-0B00-00000000FC01}624672C:\Windows\system32\lsass.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138050Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.958{6EDEAD03-61B3-615D-D602-00000000FC01}18923408C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a0b461|C:\Program Files\Mozilla Firefox\xul.dll+a6c6e5|C:\Program Files\Mozilla Firefox\xul.dll+d0281|C:\Program Files\Mozilla Firefox\xul.dll+19d6412|C:\Program Files\Mozilla Firefox\xul.dll+1747b79|C:\Program Files\Mozilla Firefox\xul.dll+167b2d9|C:\Program Files\Mozilla Firefox\xul.dll+26742|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+8b45d7|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138049Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.958{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23F6183EFF28EE4E98EAB6A3C061C70C,SHA256=88D89BD78717FB7DB194776624C7FC6DD8BB8EFBD4E115D777D0AECC86A4E62E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138048Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.943{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000138047Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.943{6EDEAD03-61B5-615D-D902-00000000FC01}1040\chrome.1892.6.212096732C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138046Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.943{6EDEAD03-61B3-615D-D602-00000000FC01}18921972C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+1b80fc|C:\Program Files\Mozilla Firefox\xul.dll+a15446|C:\Program Files\Mozilla Firefox\xul.dll+a0ffef|C:\Program Files\Mozilla Firefox\xul.dll+19ce81f|C:\Program Files\Mozilla Firefox\xul.dll+19ccfc1|C:\Program Files\Mozilla Firefox\xul.dll+13c95|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+13378|C:\Program Files\Mozilla Firefox\xul.dll+9f2211|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000138045Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:33.943{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.6.212096732C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138044Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.943{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000138043Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.943{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.4.42794861C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138042Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.943{6EDEAD03-61B3-615D-D602-00000000FC01}18926100C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+13527b|C:\Program Files\Mozilla Firefox\xul.dll+12239ed|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000138041Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.943{6EDEAD03-61B3-615D-D602-00000000FC01}1892\gecko-crash-server-pipe.1892C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138040Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138039Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138038Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+17876ff|C:\Program Files\Mozilla Firefox\xul.dll+14cbf5|C:\Program Files\Mozilla Firefox\xul.dll+14cf69e|UNKNOWN(000000A1BD584A10) 10341000x8000000000000000138037Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+17876ff|C:\Program Files\Mozilla Firefox\xul.dll+14cbf5|C:\Program Files\Mozilla Firefox\xul.dll+14cf69e|UNKNOWN(000000A1BD584A10) 10341000x8000000000000000138036Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+17876ff|C:\Program Files\Mozilla Firefox\xul.dll+14cbf5|C:\Program Files\Mozilla Firefox\xul.dll+14cf69e|UNKNOWN(000000A1BD584A10) 23542300x8000000000000000138035Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89CC7494D27CDACC5CF81FD505DF5874,SHA256=DB6E8B145E355E39C72A48992E901F64BA4DC53C1B657EEB6127DAB989FFA9E1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138034Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b66218|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138033Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-503F-615D-0B00-00000000FC01}624672C:\Windows\system32\lsass.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138032Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.927{6EDEAD03-503F-615D-0B00-00000000FC01}624672C:\Windows\system32\lsass.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138031Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.912{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138030Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.912{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4efc8|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a5b7d9|C:\Program Files\Mozilla Firefox\xul.dll+e50238|C:\Program Files\Mozilla Firefox\xul.dll+19e1f56|C:\Program Files\Mozilla Firefox\xul.dll+19d6412|C:\Program Files\Mozilla Firefox\xul.dll+19ae344|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000138029Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.912{6EDEAD03-61B3-615D-D602-00000000FC01}1892\cubeb-pipe-1892-1C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000138028Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:33.912{6EDEAD03-61B3-615D-D602-00000000FC01}1892\cubeb-pipe-1892-1C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138027Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.912{6EDEAD03-61B3-615D-D602-00000000FC01}18923408C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a0b461|C:\Program Files\Mozilla Firefox\xul.dll+a6c6e5|C:\Program Files\Mozilla Firefox\xul.dll+d0281|C:\Program Files\Mozilla Firefox\xul.dll+19d6412|C:\Program Files\Mozilla Firefox\xul.dll+1747b79|C:\Program Files\Mozilla Firefox\xul.dll+167b2d9|C:\Program Files\Mozilla Firefox\xul.dll+26742|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+8b45d7|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138026Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.912{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4efc8|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a5b7d9|C:\Program Files\Mozilla Firefox\xul.dll+e50238|C:\Program Files\Mozilla Firefox\xul.dll+19e1f56|C:\Program Files\Mozilla Firefox\xul.dll+19d6412|C:\Program Files\Mozilla Firefox\xul.dll+19ae344|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000138025Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.912{6EDEAD03-61B3-615D-D602-00000000FC01}1892\cubeb-pipe-1892-0C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000138024Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:33.912{6EDEAD03-61B3-615D-D602-00000000FC01}1892\cubeb-pipe-1892-0C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138023Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f710|C:\Program Files\Mozilla Firefox\xul.dll+e5ba99|C:\Program Files\Mozilla Firefox\xul.dll+e57449|C:\Program Files\Mozilla Firefox\xul.dll+e49022|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7 10341000x8000000000000000138022Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138021Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138020Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138019Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138018Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138017Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138016Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138015Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138014Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138013Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138012Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138011Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138010Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000138009Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+e48ccc|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278 10341000x8000000000000000138008Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+e48cc1|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0 10341000x8000000000000000138007Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+e48cc1|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0 10341000x8000000000000000138006Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+e48cc1|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0 10341000x8000000000000000138005Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138004Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+e48c43|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+17876ff 10341000x8000000000000000138003Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+c2e55|C:\Program Files\Mozilla Firefox\xul.dll+e4891a|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7 18141800x8000000000000000138002Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.896{6EDEAD03-61B5-615D-D902-00000000FC01}1040\chrome.1892.5.179435874C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138001Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921972C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+a0942f|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+166d71b|C:\Program Files\Mozilla Firefox\xul.dll+19cd045|C:\Program Files\Mozilla Firefox\xul.dll+13c95|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+13378|C:\Program Files\Mozilla Firefox\xul.dll+9f2211|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138000Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137999Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921972C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+1b80fc|C:\Program Files\Mozilla Firefox\xul.dll+a15446|C:\Program Files\Mozilla Firefox\xul.dll+a0ffef|C:\Program Files\Mozilla Firefox\xul.dll+19ce81f|C:\Program Files\Mozilla Firefox\xul.dll+19ccfc1|C:\Program Files\Mozilla Firefox\xul.dll+13c95|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+13378|C:\Program Files\Mozilla Firefox\xul.dll+9f2211|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000137998Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.5.179435874C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000137997Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.3.60027314C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000137996Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}18926100C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+13527b|C:\Program Files\Mozilla Firefox\xul.dll+12239ed|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000137995Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.896{6EDEAD03-61B3-615D-D602-00000000FC01}1892\gecko-crash-server-pipe.1892C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000137994Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.881{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137993Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.881{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137992Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.881{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137991Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.881{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137990Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.881{6EDEAD03-538E-615D-FD00-00000000FC01}1001288C:\Windows\system32\csrss.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137989Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.881{6EDEAD03-61B3-615D-D602-00000000FC01}18925908C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+2f07d|C:\Program Files\Mozilla Firefox\firefox.exe+2e285|C:\Program Files\Mozilla Firefox\xul.dll+1fd1d9a|C:\Program Files\Mozilla Firefox\xul.dll+a04e9a|C:\Program Files\Mozilla Firefox\xul.dll+a03065|C:\Program Files\Mozilla Firefox\xul.dll+a0a25e|C:\Program Files\Mozilla Firefox\xul.dll+8b1df0|C:\Program Files\Mozilla Firefox\xul.dll+167b2d9|C:\Program Files\Mozilla Firefox\xul.dll+2680a|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+8b45d7|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137988Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.894{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe92.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1892.4.427948615\1429646419" -childID 3 -isForBrowser -prefsHandle 2812 -prefMapHandle 2816 -prefsLen 1809 -prefMapSize 235910 -jsInit 1128 285716 -parentBuildID 20210922161155 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1892 "\\.\pipe\gecko-crash-server-pipe.1892" 2852 1dae3807938 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372LowMD5=DBDB3EFACC3D9039A4F5703662099178,SHA256=534A44A08893AFBE78E04B4CFF80BD00BFC40562A923E8AF38E240227A643FFB,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000137987Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:33.881{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.4.42794861C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000137986Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.865{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E2DF622A061C3E48E84B49CD2540CCD8,SHA256=50C141720882143B11A7B0D08D2481A94E1E7A72EDDC40B310B3C1CF772AF6E4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137985Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.849{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137984Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f710|C:\Program Files\Mozilla Firefox\xul.dll+e5ba99|C:\Program Files\Mozilla Firefox\xul.dll+e57449|C:\Program Files\Mozilla Firefox\xul.dll+e49022|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02|C:\Program Files\Mozilla Firefox\xul.dll+16d21c4|C:\Program Files\Mozilla Firefox\xul.dll+1b6175d|C:\Program Files\Mozilla Firefox\xul.dll+16fe0ad 10341000x8000000000000000137983Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137982Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137981Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137980Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137979Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137978Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137977Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137976Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137975Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137974Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137973Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137972Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137971Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02 10341000x8000000000000000137970Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+e48ccc|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02|C:\Program Files\Mozilla Firefox\xul.dll+16d21c4|C:\Program Files\Mozilla Firefox\xul.dll+1b6175d 10341000x8000000000000000137969Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+e48cc1|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02|C:\Program Files\Mozilla Firefox\xul.dll+16d21c4 10341000x8000000000000000137968Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+e48cc1|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02|C:\Program Files\Mozilla Firefox\xul.dll+16d21c4 10341000x8000000000000000137967Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+e48c43|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02|C:\Program Files\Mozilla Firefox\xul.dll+16d21c4|C:\Program Files\Mozilla Firefox\xul.dll+1b6175d|C:\Program Files\Mozilla Firefox\xul.dll+16fe0ad|C:\Program Files\Mozilla Firefox\xul.dll+16d21c4 10341000x8000000000000000137966Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+c2e55|C:\Program Files\Mozilla Firefox\xul.dll+e4891a|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02|C:\Program Files\Mozilla Firefox\xul.dll+16d21c4|C:\Program Files\Mozilla Firefox\xul.dll+1b6175d|C:\Program Files\Mozilla Firefox\xul.dll+16fe0ad 10341000x8000000000000000137965Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921972C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+a0942f|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+166d71b|C:\Program Files\Mozilla Firefox\xul.dll+19cd045|C:\Program Files\Mozilla Firefox\xul.dll+13c95|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+13378|C:\Program Files\Mozilla Firefox\xul.dll+9f2211|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137964Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137963Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137962Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137961Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137960Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-538E-615D-FD00-00000000FC01}1001332C:\Windows\system32\csrss.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137959Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.818{6EDEAD03-61B3-615D-D602-00000000FC01}18925908C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+2f07d|C:\Program Files\Mozilla Firefox\firefox.exe+2e285|C:\Program Files\Mozilla Firefox\xul.dll+1fd1d9a|C:\Program Files\Mozilla Firefox\xul.dll+a04e9a|C:\Program Files\Mozilla Firefox\xul.dll+a03065|C:\Program Files\Mozilla Firefox\xul.dll+a0a25e|C:\Program Files\Mozilla Firefox\xul.dll+8b1df0|C:\Program Files\Mozilla Firefox\xul.dll+167b2d9|C:\Program Files\Mozilla Firefox\xul.dll+2680a|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+8b45d7|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137958Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.833{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe92.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1892.3.600273140\858900601" -childID 2 -isForBrowser -prefsHandle 2676 -prefMapHandle 2672 -prefsLen 1769 -prefMapSize 235910 -jsInit 1128 285716 -parentBuildID 20210922161155 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1892 "\\.\pipe\gecko-crash-server-pipe.1892" 2688 1dae3808f38 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372LowMD5=DBDB3EFACC3D9039A4F5703662099178,SHA256=534A44A08893AFBE78E04B4CFF80BD00BFC40562A923E8AF38E240227A643FFB,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000137957Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:33.818{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.3.60027314C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000137956Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.802{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+ed6d5e|C:\Program Files\Mozilla Firefox\xul.dll+289542|C:\Program Files\Mozilla Firefox\xul.dll+28882f|C:\Program Files\Mozilla Firefox\xul.dll+28861a|C:\Program Files\Mozilla Firefox\xul.dll+eeff55|C:\Program Files\Mozilla Firefox\xul.dll+18b861a|C:\Program Files\Mozilla Firefox\xul.dll+1acc418|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1ace974|C:\Program Files\Mozilla Firefox\xul.dll+177715e|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6 10341000x8000000000000000137955Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.802{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+ed6d37|C:\Program Files\Mozilla Firefox\xul.dll+289542|C:\Program Files\Mozilla Firefox\xul.dll+28882f|C:\Program Files\Mozilla Firefox\xul.dll+28861a|C:\Program Files\Mozilla Firefox\xul.dll+eeff55|C:\Program Files\Mozilla Firefox\xul.dll+18b861a|C:\Program Files\Mozilla Firefox\xul.dll+1acc418|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1ace974|C:\Program Files\Mozilla Firefox\xul.dll+177715e|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6 10341000x8000000000000000137954Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.802{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+ed6d0c|C:\Program Files\Mozilla Firefox\xul.dll+289542|C:\Program Files\Mozilla Firefox\xul.dll+28882f|C:\Program Files\Mozilla Firefox\xul.dll+28861a|C:\Program Files\Mozilla Firefox\xul.dll+eeff55|C:\Program Files\Mozilla Firefox\xul.dll+18b861a|C:\Program Files\Mozilla Firefox\xul.dll+1acc418|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1ace974|C:\Program Files\Mozilla Firefox\xul.dll+177715e|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6 23542300x8000000000000000137953Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.802{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-walMD5=B0561F7AB6486B117E22E81F4D45AA25,SHA256=8213279474086494ED22688508C25914E0BFDC8D14812562C54092840DC0A361,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137952Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.802{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmMD5=D1A56729D53E08C82FA97E7C1B4A584C,SHA256=80B1AB724FFCD0FE94A59E897DE9752D0825EE5B805D362201039655FC9C928E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137951Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.802{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137950Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.787{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137949Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.787{6EDEAD03-503F-615D-0B00-00000000FC01}624672C:\Windows\system32\lsass.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137948Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.787{6EDEAD03-503F-615D-0B00-00000000FC01}624672C:\Windows\system32\lsass.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137947Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.787{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-journalMD5=FF02F055B0ABA28C4ADDCC05423DAC25,SHA256=99EC4E44C3ED0883262B22740D729329920984AE4E1EBDCC43772B218B571004,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137946Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.771{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-journalMD5=A5101E29C9A18EB6F50D8B94B9C6D075,SHA256=3C2E21B1B4E3941986772245A39195442A77E3E7E39FFFE3EFFD0E880099E9A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137945Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.771{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7F2617D661831E7CE1E585A2B5A2D49,SHA256=0B08386783BD3EE21168D57FEC29301F42C099EA15E2EC2774DD5B22A0A27259,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137944Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.755{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000137943Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.755{6EDEAD03-61B5-615D-D902-00000000FC01}1040\chrome.1892.2.72596388C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000137942Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.755{6EDEAD03-61B3-615D-D602-00000000FC01}18921972C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+1b80fc|C:\Program Files\Mozilla Firefox\xul.dll+a15446|C:\Program Files\Mozilla Firefox\xul.dll+a0ffef|C:\Program Files\Mozilla Firefox\xul.dll+19ce81f|C:\Program Files\Mozilla Firefox\xul.dll+19cd1ec|C:\Program Files\Mozilla Firefox\xul.dll+13c95|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+13378|C:\Program Files\Mozilla Firefox\xul.dll+9f2211|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137941Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.755{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000137940Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:33.755{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.2.72596388C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000137939Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.755{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.1.19837088C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000137938Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.755{6EDEAD03-61B3-615D-D602-00000000FC01}18926100C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+13527b|C:\Program Files\Mozilla Firefox\xul.dll+12239ed|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000137937Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.755{6EDEAD03-61B3-615D-D602-00000000FC01}1892\gecko-crash-server-pipe.1892C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000137936Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.755{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0DACF0A0ABEAC5EFFA285DB55248796,SHA256=746E11C8CE3E0D720F942DF062AE4FBAB88E4E116676F8F5F85DD0711FEEC111,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137935Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.740{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000137934Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.740{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+fe1f1e|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04 10341000x8000000000000000137933Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.740{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000137932Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.740{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000137931Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.740{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000137930Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.740{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+fe1f1e|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04 10341000x8000000000000000137929Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.740{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000137928Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.740{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000137927Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000137926Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f710|C:\Program Files\Mozilla Firefox\xul.dll+e5ba99|C:\Program Files\Mozilla Firefox\xul.dll+e57449|C:\Program Files\Mozilla Firefox\xul.dll+e49022|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7 10341000x8000000000000000137925Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000137924Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000137923Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000137922Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000137921Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000137920Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000137919Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000137918Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000137917Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000137916Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000137915Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000137914Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000137913Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e 10341000x8000000000000000137912Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+e48ccc|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278 10341000x8000000000000000137911Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+e48c43|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+1b73e11 10341000x8000000000000000137910Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+c2e55|C:\Program Files\Mozilla Firefox\xul.dll+e4891a|C:\Program Files\Mozilla Firefox\xul.dll+e4828c|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+26cb90|C:\Program Files\Mozilla Firefox\xul.dll+23a9a5|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+184a149|C:\Program Files\Mozilla Firefox\xul.dll+1a5e24e|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7 10341000x8000000000000000137909Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.724{6EDEAD03-61B3-615D-D602-00000000FC01}18921972C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+a0942f|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+166d71b|C:\Program Files\Mozilla Firefox\xul.dll+19cd045|C:\Program Files\Mozilla Firefox\xul.dll+13c95|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+13378|C:\Program Files\Mozilla Firefox\xul.dll+9f2211|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137908Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.708{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137907Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.708{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137906Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.708{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137905Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.708{6EDEAD03-538E-615D-FD00-00000000FC01}1001332C:\Windows\system32\csrss.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137904Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.708{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137903Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.708{6EDEAD03-61B3-615D-D602-00000000FC01}18925908C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+2f07d|C:\Program Files\Mozilla Firefox\firefox.exe+2e285|C:\Program Files\Mozilla Firefox\xul.dll+1fd1d9a|C:\Program Files\Mozilla Firefox\xul.dll+a04e9a|C:\Program Files\Mozilla Firefox\xul.dll+a03065|C:\Program Files\Mozilla Firefox\xul.dll+a0a25e|C:\Program Files\Mozilla Firefox\xul.dll+8b1df0|C:\Program Files\Mozilla Firefox\xul.dll+167b2d9|C:\Program Files\Mozilla Firefox\xul.dll+2680a|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+8b45d7|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137902Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.719{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe92.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1892.1.198370882\1160981947" -childID 1 -isForBrowser -prefsHandle 1452 -prefMapHandle 2168 -prefsLen 1626 -prefMapSize 235910 -jsInit 1128 285716 -parentBuildID 20210922161155 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1892 "\\.\pipe\gecko-crash-server-pipe.1892" 2400 1dadfe62538 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372LowMD5=DBDB3EFACC3D9039A4F5703662099178,SHA256=534A44A08893AFBE78E04B4CFF80BD00BFC40562A923E8AF38E240227A643FFB,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000137901Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:33.708{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.1.19837088C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000137900Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.693{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137899Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.677{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+ed6d5e|C:\Program Files\Mozilla Firefox\xul.dll+289542|C:\Program Files\Mozilla Firefox\xul.dll+28882f|C:\Program Files\Mozilla Firefox\xul.dll+28861a|C:\Program Files\Mozilla Firefox\xul.dll+eeff55|C:\Program Files\Mozilla Firefox\xul.dll+18b861a|C:\Program Files\Mozilla Firefox\xul.dll+1acc418|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1ace974|C:\Program Files\Mozilla Firefox\xul.dll+177715e|C:\Program Files\Mozilla Firefox\xul.dll+f245a2|C:\Program Files\Mozilla Firefox\xul.dll+1acb272|C:\Program Files\Mozilla Firefox\xul.dll+17779b9|C:\Program Files\Mozilla Firefox\xul.dll+1ac1e2c|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0|C:\Program Files\Mozilla Firefox\xul.dll+f1bb45|C:\Program Files\Mozilla Firefox\xul.dll+f1b6d4|C:\Program Files\Mozilla Firefox\xul.dll+f1b179|C:\Program Files\Mozilla Firefox\xul.dll+f1bdaf|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1 10341000x8000000000000000137898Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.677{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+ed6d37|C:\Program Files\Mozilla Firefox\xul.dll+289542|C:\Program Files\Mozilla Firefox\xul.dll+28882f|C:\Program Files\Mozilla Firefox\xul.dll+28861a|C:\Program Files\Mozilla Firefox\xul.dll+eeff55|C:\Program Files\Mozilla Firefox\xul.dll+18b861a|C:\Program Files\Mozilla Firefox\xul.dll+1acc418|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1ace974|C:\Program Files\Mozilla Firefox\xul.dll+177715e|C:\Program Files\Mozilla Firefox\xul.dll+f245a2|C:\Program Files\Mozilla Firefox\xul.dll+1acb272|C:\Program Files\Mozilla Firefox\xul.dll+17779b9|C:\Program Files\Mozilla Firefox\xul.dll+1ac1e2c|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0|C:\Program Files\Mozilla Firefox\xul.dll+f1bb45|C:\Program Files\Mozilla Firefox\xul.dll+f1b6d4|C:\Program Files\Mozilla Firefox\xul.dll+f1b179|C:\Program Files\Mozilla Firefox\xul.dll+f1bdaf|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1 10341000x8000000000000000137897Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.677{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+ed6d0c|C:\Program Files\Mozilla Firefox\xul.dll+289542|C:\Program Files\Mozilla Firefox\xul.dll+28882f|C:\Program Files\Mozilla Firefox\xul.dll+28861a|C:\Program Files\Mozilla Firefox\xul.dll+eeff55|C:\Program Files\Mozilla Firefox\xul.dll+18b861a|C:\Program Files\Mozilla Firefox\xul.dll+1acc418|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1ace974|C:\Program Files\Mozilla Firefox\xul.dll+177715e|C:\Program Files\Mozilla Firefox\xul.dll+f245a2|C:\Program Files\Mozilla Firefox\xul.dll+1acb272|C:\Program Files\Mozilla Firefox\xul.dll+17779b9|C:\Program Files\Mozilla Firefox\xul.dll+1ac1e2c|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0|C:\Program Files\Mozilla Firefox\xul.dll+f1bb45|C:\Program Files\Mozilla Firefox\xul.dll+f1b6d4|C:\Program Files\Mozilla Firefox\xul.dll+f1b179|C:\Program Files\Mozilla Firefox\xul.dll+f1bdaf|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1 23542300x8000000000000000137896Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.583{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-walMD5=7D05E846361F9D189F379AFA91D20D33,SHA256=E77BE958C9E543C7E197D684808360330904A3EFD8E1501CC7D80893C67F13EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137895Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.583{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmMD5=F4454AAA50BEACDFB56F2D2127E9A7F9,SHA256=D8E6F0C3F876166428759718D2D3183713B31EEF0313CC5BF811464701F00544,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137894Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.568{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-journalMD5=4BC47EB646E43B20CD9AA4CF02FFAB48,SHA256=FC882DF29E83C552F6B516FFF26C375958BC705C57C36B1A03EDF67E5C4144F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137893Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.568{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-journalMD5=F7D3461B9DA98ECF175DCD848D1D71B6,SHA256=0604D6857254EDE8D93137D0540B01657679FAC257D358031FD5981E20259D0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137892Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.552{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=30D24479CE27BB014C6E723AF174FE2F,SHA256=79183DF78AFA77900A358DEC6AE260F44E4BB505DE2479B17D72A34A02F864DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137891Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.552{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=0A3A9C46DF4D39EA7972AB55FCF57C5F,SHA256=DBB230808CF83887DE12A58CFFACEEBF17DAC3AAE6953889ABFC52A6B6D05984,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137890Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.537{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-journalMD5=3978B2EB4472EA2688964660F7C450C1,SHA256=7233A7A0227E0774B85E04709BF428A468BA10FC72E9A73BA03E181D374DDFF3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137889Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.537{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-journalMD5=7AB2A1987D8D3AEF6BB3F4343D701716,SHA256=4EBEF09448E08C5F6E7722D567EB8506C617384AE9FF9DDA5EBCF04ABCCC452A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137888Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.521{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage.sqlite-journalMD5=823CAB9A070CE5546172F6514A71BC82,SHA256=22125C6D8D1DE78138FEC555826759E0AA6AC90E20335948306A2D10CCFA6A57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137887Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.521{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage.sqlite-journalMD5=34C3C17FC6BFF8A42EFD7AAD02B0ECB4,SHA256=40E2F81D98BB6CF284F14E3E608259C4D1BBC7F0EE2CDD9C94031BCDA6A5BEAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137886Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.505{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\ls-archive.sqlite-journalMD5=EFC1A9B0E56DF4591CCF3CC8257D1BFB,SHA256=FD769BB0DB289A2A6B8C986450DADBA01DD4B51B0791652031CAC78EB6852E61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137885Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.505{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\ls-archive.sqlite-journalMD5=D9CA26579460646967DB5ABB2FDC5E6F,SHA256=31445EDD2F3652E92BCA7229436F31912B07E5AC34480E17FC4612F74BF3B317,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137884Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.490{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\ls-archive.sqlite-journalMD5=56E04E0D8D06009D60CBDD996566C41C,SHA256=A3A0E67527C8A7BCAF930ACFCD4A960D1792891D91E17C7F3D45AA956710481D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137883Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.490{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\ls-archive.sqlite-journalMD5=E16BD74F1335FA459B22886D8020DB1D,SHA256=5801DD64F7B525A0659C765EFF279E43403FA340C324AECEA54E479FC9C35670,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137882Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.474{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage.sqlite-journalMD5=CF63F70773A1D0F022EEB2229FF21DA3,SHA256=C615A1452A75D3CD5333BCE3138F3DDA90B2C819B75C0ABC58CBCE57762D0112,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137881Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.474{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\times.jsonMD5=E66192E1AC6219863DD6B3FD7A6B89F5,SHA256=E897B76F86E935E26A5D9AC247A5F8F19A75F7BDA7C5A909385C587342C795D7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000137880Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.349{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137879Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.349{6EDEAD03-5041-615D-1600-00000000FC01}12921948C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137878Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.349{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000137877Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.333{6EDEAD03-61B5-615D-D902-00000000FC01}1040\chrome.1892.0.173647135C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000137876Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.333{6EDEAD03-61B3-615D-D602-00000000FC01}18926100C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+13527b|C:\Program Files\Mozilla Firefox\xul.dll+12239ed|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000137875Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:33.333{6EDEAD03-61B5-615D-D902-00000000FC01}1040\gecko-crash-server-pipe.1892C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000137874Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.318{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137873Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.318{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137872Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.302{6EDEAD03-61B3-615D-D602-00000000FC01}18921972C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+a0942f|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+166d71b|C:\Program Files\Mozilla Firefox\xul.dll+19cd045|C:\Program Files\Mozilla Firefox\xul.dll+13c95|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+13378|C:\Program Files\Mozilla Firefox\xul.dll+9f2211|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137871Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.302{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137870Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.302{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137869Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.302{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137868Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.302{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137867Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.302{6EDEAD03-538E-615D-FD00-00000000FC01}1004524C:\Windows\system32\csrss.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137866Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.302{6EDEAD03-61B3-615D-D602-00000000FC01}18925908C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+1763224|C:\Program Files\Mozilla Firefox\xul.dll+a04d19|C:\Program Files\Mozilla Firefox\xul.dll+a03065|C:\Program Files\Mozilla Firefox\xul.dll+a0a25e|C:\Program Files\Mozilla Firefox\xul.dll+8b1df0|C:\Program Files\Mozilla Firefox\xul.dll+167b2d9|C:\Program Files\Mozilla Firefox\xul.dll+2680a|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+8b45d7|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137865Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.305{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe92.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1892.0.1736471353\779590223" -parentBuildID 20210922161155 -prefsHandle 1760 -prefMapHandle 1684 -prefsLen 1 -prefMapSize 235910 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1892 "\\.\pipe\gecko-crash-server-pipe.1892" 1832 1dade6bc938 gpuC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372MediumMD5=DBDB3EFACC3D9039A4F5703662099178,SHA256=534A44A08893AFBE78E04B4CFF80BD00BFC40562A923E8AF38E240227A643FFB,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000137864Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:33.302{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.0.173647135C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000137863Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:33.302{6EDEAD03-61B3-615D-D602-00000000FC01}1892\gecko-crash-server-pipe.1892C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000137862Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.287{6EDEAD03-5391-615D-0801-00000000FC01}43684476C:\Windows\system32\taskhostw.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137861Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.287{6EDEAD03-5391-615D-0801-00000000FC01}43684476C:\Windows\system32\taskhostw.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137860Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.287{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137859Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.287{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000137858Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.287{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000137857Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:30.784{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54831- 10341000x8000000000000000137856Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.177{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-61B5-615D-D802-00000000FC01}2212C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137855Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.130{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137854Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.130{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137853Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.130{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137852Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.130{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000137851Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.130{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-61B5-615D-D802-00000000FC01}2212C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000137850Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.130{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-61B5-615D-D802-00000000FC01}2212C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000137849Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.132{6EDEAD03-61B5-615D-D802-00000000FC01}2212C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000137848Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.115{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cookies.sqlite-journalMD5=D79F3CCCE91BBAD2E33B6C34F0B9BC27,SHA256=2488CF28D73F22472FEAB0D8DBBF4788693E9BDF05C448183F8D5CCC3B1E89B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137847Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.068{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9BFA39358C94B7D02291C6E32298E9EF,SHA256=24C22ADE06CFDBA7D95962B47707C334EE95EC34F056F1795D80C505C3CD0FC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137846Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.052{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=E33A90455F74C15EAD3DC665F56C4645,SHA256=ED519F3B5657264EE59982227DDBA048A534CFD8717F9CF99B3FB84566D74315,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137845Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.052{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=31FA69BC9B7A51E67F00C74F30B0DD61,SHA256=94832BD5B237FFCE62EB426B5709B18DC0E7F44B6D84FDED15194F8B6C5424C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137844Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.052{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cookies.sqlite-journalMD5=6B8357744852ACD9BF1A610D313FD57E,SHA256=83D118D6E588C8108EF45BFC09713B1E1C390290153E7CBA412F7CC84D0495BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137843Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.037{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=7BEE664C9C548E48B5DBF568580B1826,SHA256=A1BA29C4976332158D45F44F171ACEB1D918AE438E67EE569D08CCF535EE7A76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000137842Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.037{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cookies.sqlite-journalMD5=6157446F0524A7624C86A6E79F59B6D5,SHA256=2D6B82D57D0951F50A683F65C77A7DB22AA25F8A808C449C57EF6ECAC9A791F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120726Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:34.090{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=959DEA4D704C89C60FBAEDED4AC6A0AB,SHA256=90A82C7914D9C6A4CF01888C11F7EF14C0C956B9F9480CC30D87DA85BE7BC761,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138223Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.977{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-walMD5=9AD0070388854B2BB796048E9CFBF95A,SHA256=84CF7A9D8BC9CDFE6E40BEC7089DD7F49FAF0FDA393C469A780D8679322C02C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138222Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.961{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmMD5=466E854B886360E62D7FDF84B428705B,SHA256=C1A392242EFCEBDCC0ABE65B6C1125972751B596F3FDC1EDFE57EE7E247FF136,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138221Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.961{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ZJUI0E~1.DEF\cert9.db-journalMD5=2C488E1186C4FF9277CFB6E0D618E90F,SHA256=940F79B41FE19EC8E872BBB12534C1B4A2341FC25AB3F6D9B0053FBDD99E4E40,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138220Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.945{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-journalMD5=0CE4C306BB255BBF33892A55A93CFE48,SHA256=D8B6BE36E7F7C03EFF6834B1EE3CF96BBB929953C9339ADFC25984076826C5A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138219Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.945{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-journalMD5=464775548EE140B683EDCEBA04799C8D,SHA256=A82E1B6503A98FA61E7791B633BFFDCC19D2D64AE3DB8AAEB8603D7F2FB0BAF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138218Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.930{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138217Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.877{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138216Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.845{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=BD2C1391D42D8D203AA88B83820C9C4E,SHA256=58E92A1514CB4ABB5F0C4190B9EA863318F89A57EF8205A53C4310B6D626324F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138215Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.845{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=62A63F391A72F6F32785AA938AAA19F2,SHA256=102EC7829EE8C0CAF1000554206CE52271488B893FB179336C13A8D96041AE81,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138214Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.845{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167c38c|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138213Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.845{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167c38c|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138212Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.845{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167c38c|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138211Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.830{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138210Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.830{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=FD7C47B76EB61B8FE227CCCE9FBF986C,SHA256=B8395BB12734717BB74C2BBA26DE2F15BAD705B2BD7A9C28FC932F38DDB1378F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138209Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.830{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B88996A83A1EBA2F9EB91D7375024FEC,SHA256=49F22453F8ABA0A538E177D5994B5604A2309CF172CA2F1B16BE6DCD9D9AD029,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138208Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.808{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-walMD5=A2F01F1CBC1043C8A049B8099EF6B857,SHA256=2815011F0AF06023418E185EBBA931869720E895F92A46FD9204D78A7FD5B11D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138207Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.808{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmMD5=1B0D4F9ED462AC08397728A316AE806B,SHA256=3D9B9D77B9C702543DD37DBBF0172EF1683CD1D8BFE8AC1C2A05C9B6B07D1E22,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138206Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.792{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 10341000x8000000000000000138205Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.792{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 10341000x8000000000000000138204Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.792{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 23542300x8000000000000000138203Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.792{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138202Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.792{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=3267F6ACC634A42D8F78779E43B0D840,SHA256=0B9858E71BD216B8FD7787EF10B1F09AEFB5F0902BDD379419ED466DAE2F9C1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138201Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.777{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=96804E0466F47BD896A9443867C5247B,SHA256=CBBDD226199C75668993767244DCF7AEC93A4755AFB82A6E15036BD415E6C369,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138200Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.777{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-journalMD5=E93BB32861EAB2A093417F1B3DE37B45,SHA256=990BFE656B2B5B22D572EEB1046FC60F23E5F0B7D4416722C495E11D9B11E4B8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138199Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.777{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 10341000x8000000000000000138198Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.777{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 10341000x8000000000000000138197Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.777{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 23542300x8000000000000000138196Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.777{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-journalMD5=696A4E4682F02619709B7A9CA257AC02,SHA256=546B6A7AFD968F9767237F6BE9C159B17BF4157A5F7D601F76120F19439E0FF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138195Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.761{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ZJUI0E~1.DEF\cert9.db-journalMD5=610FEB08E812DBAC3193C54542B3A4F3,SHA256=15A4BAA306EA43ED7E05D9B8D15F1D91BFB2A4C787236A6151EF6BFFF2AA4327,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138194Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.745{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 10341000x8000000000000000138193Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.745{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 10341000x8000000000000000138192Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.745{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 23542300x8000000000000000138191Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.745{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138190Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.708{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=7B2BE297EC175AA6FD2E664EFAA30EB3,SHA256=18D4C62C6C947EA08A3D0D3882C213F92BA287F64811440CB04F2DEEEFE2BB4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138189Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.708{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=86430C2AF5ADED863FBB3D939C7352D1,SHA256=FDB9978A1DFD92CD782863D4802E0089942622E7280872EDD1582F326D8CD441,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138188Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.692{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+feccf0|C:\Program Files\Mozilla Firefox\xul.dll+fddacb|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+fe1f1e|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+fe17ac|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+fe1f1e|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04 23542300x8000000000000000138187Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.646{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=BCC0F3539B3EC240EE2A2F3F15C31889,SHA256=0FEE004DE1866F29C123F450DBE21746751D74936446BEF171D1434291AE9C0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138186Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.646{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=742FF3E427A78EA2B9EFC309BEB04B96,SHA256=36CAF40EBAE1636FAA5335EA5F7675AC14ADBCC13352177408C4CC6D06D6EFB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138185Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.630{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-walMD5=D1D802FBE5D9EA386AF52313F19A8BE2,SHA256=9E25BCDDCA92EB9951D55316565DA2EF7DDE3D9E0091BBAAEA5D3DDF9232199E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138184Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.630{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=4CE1EE4B8B6D8455B8C77F8A0B9B3D21,SHA256=E367807977F6C60837F0B49D68FF3F449F9314ECA557DA9050D36CB443F34E76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138183Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.608{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-journalMD5=137D31D1E222FA51FBDA8D6E929F01EB,SHA256=9071AF18115B2E414693F890C8B33F9BC39B9A1B678EBC385CB4D3EF70243B29,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138182Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.608{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 10341000x8000000000000000138181Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.608{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 10341000x8000000000000000138180Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.608{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 23542300x8000000000000000138179Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.608{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-journalMD5=E7B64271996F5FC5EBC83451717904BB,SHA256=8F7EF1B86F70684E82A49D9D217AC8035D271FA82C7039F0EDA17A4D109D7C21,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000138178Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.687{6EDEAD03-61B3-615D-D602-00000000FC01}1892example.org0::ffff:93.184.216.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138177Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.687{6EDEAD03-61B3-615D-D602-00000000FC01}1892example.org093.184.216.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138176Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.566{6EDEAD03-61B3-615D-D602-00000000FC01}1892prod.detectportal.prod.cloudops.mozgcp.net02600:1901:0:38d7::;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138175Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.565{6EDEAD03-61B3-615D-D602-00000000FC01}1892prod.detectportal.prod.cloudops.mozgcp.net034.107.221.82;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138174Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.557{6EDEAD03-61B3-615D-D602-00000000FC01}1892detectportal.firefox.com0type: 5 detectportal.prod.mozaws.net;type: 5 prod.detectportal.prod.cloudops.mozgcp.net;::ffff:34.107.221.82;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138173Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.546{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f710|C:\Program Files\Mozilla Firefox\xul.dll+e5ba99|C:\Program Files\Mozilla Firefox\xul.dll+e57449|C:\Program Files\Mozilla Firefox\xul.dll+e468b7|C:\Program Files\Mozilla Firefox\xul.dll+e48234|C:\Program Files\Mozilla Firefox\xul.dll+e4a6e0|C:\Program Files\Mozilla Firefox\xul.dll+c6cf0f|C:\Program Files\Mozilla Firefox\xul.dll+c6a3d7|C:\Program Files\Mozilla Firefox\xul.dll+29283d|C:\Program Files\Mozilla Firefox\xul.dll+2923d1|C:\Program Files\Mozilla Firefox\xul.dll+f8f7e5|C:\Program Files\Mozilla Firefox\xul.dll+1777f6f|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+c6c72f|C:\Program Files\Mozilla Firefox\xul.dll+274461|C:\Program Files\Mozilla Firefox\xul.dll+38136e|C:\Program Files\Mozilla Firefox\xul.dll+cfeed6|C:\Program Files\Mozilla Firefox\xul.dll+176953f|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02|C:\Program Files\Mozilla Firefox\xul.dll+16d21c4|C:\Program Files\Mozilla Firefox\xul.dll+1b6175d|C:\Program Files\Mozilla Firefox\xul.dll+16fe0ad 10341000x8000000000000000138172Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.546{6EDEAD03-61B6-615D-DD02-00000000FC01}43884864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138171Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.508{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 10341000x8000000000000000138170Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.508{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 10341000x8000000000000000138169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.508{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 10341000x8000000000000000138168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.493{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.493{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.493{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.493{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.493{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.493{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\content-prefs.sqlite-journalMD5=404D91D8FF056DF14AEC22CDFA782A53,SHA256=D46F8C27108D5781873EF0CFAD4B3F82B67032099164A4208D1BEFB3227AAE9C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.461{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.461{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\moz-extension+++8dbcb306-fc9f-44dc-875f-74ffbb885d65^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-walMD5=75F5E7AA8BF394EED2F3FCE2822C0F75,SHA256=AE28142B3CD925A1714FB6CEE6E0BD05EBF3F5463F2B57CCB5132D499229D78E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.446{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\moz-extension+++8dbcb306-fc9f-44dc-875f-74ffbb885d65^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-shmMD5=729FA05D4ADC2C3232BFFB4FF9A4C82B,SHA256=0ECF0974F0BEFAC360827B74B2054E3FC59AD03778A15889FB920E3BC7F0DA3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.446{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.446{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA2AD9817414B9DAA20146BECA6FF776,SHA256=7D30F3C7235D009101F297C23B935A75D979395CE0AA5243AA37E2D1A5F3A183,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.408{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.377{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f710|C:\Program Files\Mozilla Firefox\xul.dll+e5ba99|C:\Program Files\Mozilla Firefox\xul.dll+e57449|C:\Program Files\Mozilla Firefox\xul.dll+e4bc5e|C:\Program Files\Mozilla Firefox\xul.dll+e36a01|C:\Program Files\Mozilla Firefox\xul.dll+c6bf21|C:\Program Files\Mozilla Firefox\xul.dll+23a8f1|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+174c0f5|C:\Program Files\Mozilla Firefox\xul.dll+f3d406|C:\Program Files\Mozilla Firefox\xul.dll+3dd4eb|C:\Program Files\Mozilla Firefox\xul.dll+cc301|C:\Program Files\Mozilla Firefox\xul.dll+11b1102|C:\Program Files\Mozilla Firefox\xul.dll+c2d4ae|C:\Program Files\Mozilla Firefox\xul.dll+c2e0bb|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff 10341000x8000000000000000138155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4efc8|C:\Program Files\Mozilla Firefox\xul.dll+237c3a2|C:\Program Files\Mozilla Firefox\xul.dll+3629f9c|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=906CA97500ED68FB6F3FFE78ED11B76D,SHA256=1AA124BA7CE30FE0B49948846F395D67FE130770BE5E3ECA08BB358D66EF1F0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-61B6-615D-DD02-00000000FC01}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-61B6-615D-DD02-00000000FC01}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000138130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-61B6-615D-DD02-00000000FC01}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000138129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.362{6EDEAD03-61B6-615D-DD02-00000000FC01}4388C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000138128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.293{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\favicons.sqlite-walMD5=B0A16C8E896246DD37C9C0D8475FC150,SHA256=5F0315B33A0F6983698BF5B9274EBB21B7B572AEDE70B06B91351F9AF97EAA65,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.293{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\favicons.sqlite-shmMD5=C255DE59B220F9105D32B5E54FB52676,SHA256=2EC8DE690D99C051C3B59B87B1CCAEA110C682B97F1701B2132BBB135458E0C4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.293{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.277{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=E570E5E142B638FD253C399A0DDC4287,SHA256=A171193F8981A74790511376189CF5CEB6270CFE7EDA8734C59D27CAAEB1C20D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.277{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=209C897DE83944EB3A09BF69DDC9C299,SHA256=0F870F724A0313827E3FBE4151570FDF9E19B73A9E309C737DC4EAA8430622FA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.277{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.277{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.277{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\favicons.sqlite-journalMD5=AE1ABA45496D2230C94960478C59E779,SHA256=5E186113155782926D7D200DF9CDFFD0D0E044E4E0E20D18F42D8A51F11B725F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.277{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\favicons.sqlite-journalMD5=06E85C623402032C5933F487F15EC984,SHA256=397E4B65AE7E26B31872C199F6F7C076E0911CE8A166AB4C88AA0AB35F6AF54F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.262{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.262{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.262{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\places.sqlite-journalMD5=8B4AF5301B03FF6CA2BB4A53870F57CC,SHA256=908AF60647D8FAC5C74BA7CBEC828C43D6D4EF1946E33230BF4870E3960015EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.262{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ZJUI0E~1.DEF\cert9.db-journalMD5=F67441E2508BC336A557DC52EAB223FF,SHA256=C6272D3BF8053E2547834E3500394DA159B89EAC917DC38FB8AFF12F971A1776,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.246{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\moz-extension+++8dbcb306-fc9f-44dc-875f-74ffbb885d65^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-walMD5=DBD24CE4EA371E70765D017D638AD4D9,SHA256=859C55A037C34AD10EA5E3174C5294E1EE94B1C74331FDDE0C3A0EA6688852B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.246{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\moz-extension+++8dbcb306-fc9f-44dc-875f-74ffbb885d65^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-shmMD5=0122C5E083AF710517CFAA495F84506E,SHA256=31F42B3AF298E0878E093ADDAA62456107A1BF172287DD8060C73CAC276A4FCF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000138113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:32.322{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcpfalsefalse127.0.0.1-64623-false127.0.0.1-64622- 354300x8000000000000000138112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:32.322{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse127.0.0.1-64623-false127.0.0.1-64622- 354300x8000000000000000138111Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:30.789{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64621-false93.184.220.29-80http 23542300x8000000000000000138110Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.230{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\moz-extension+++8dbcb306-fc9f-44dc-875f-74ffbb885d65^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-journalMD5=B56F3086F46E5A5B84DCF4E80F117A11,SHA256=B79EA2D22202278A776FC33F9DDFF0192513D9231A33AF17B9802B57C68CC2E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138109Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.230{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138108Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.230{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a82909|C:\Program Files\Mozilla Firefox\xul.dll+9db572|C:\Program Files\Mozilla Firefox\xul.dll+8b0dba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138107Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.230{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\moz-extension+++8dbcb306-fc9f-44dc-875f-74ffbb885d65^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-journalMD5=3396E1070C5CEDFF471FD80C6ABF99F9,SHA256=21A404D6E52FB4A2990D3F3F3F5E38C46E1CE6B85A223002373A8896F58CA0B2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138106Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.230{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+ed6d5e|C:\Program Files\Mozilla Firefox\xul.dll+289542|C:\Program Files\Mozilla Firefox\xul.dll+28882f|C:\Program Files\Mozilla Firefox\xul.dll+28861a|C:\Program Files\Mozilla Firefox\xul.dll+eeff55|C:\Program Files\Mozilla Firefox\xul.dll+18b861a|C:\Program Files\Mozilla Firefox\xul.dll+1acc418|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1ace974|C:\Program Files\Mozilla Firefox\xul.dll+177715e|C:\Program Files\Mozilla Firefox\xul.dll+f245a2|C:\Program Files\Mozilla Firefox\xul.dll+1acb272|C:\Program Files\Mozilla Firefox\xul.dll+17779b9|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+108abc|C:\Program Files\Mozilla Firefox\xul.dll+127c9f|C:\Program Files\Mozilla Firefox\xul.dll+11972f9|C:\Program Files\Mozilla Firefox\xul.dll+908818|C:\Program Files\Mozilla Firefox\xul.dll+908f46|C:\Program Files\Mozilla Firefox\xul.dll+22fae0 10341000x8000000000000000138105Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.230{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+ed6d37|C:\Program Files\Mozilla Firefox\xul.dll+289542|C:\Program Files\Mozilla Firefox\xul.dll+28882f|C:\Program Files\Mozilla Firefox\xul.dll+28861a|C:\Program Files\Mozilla Firefox\xul.dll+eeff55|C:\Program Files\Mozilla Firefox\xul.dll+18b861a|C:\Program Files\Mozilla Firefox\xul.dll+1acc418|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1ace974|C:\Program Files\Mozilla Firefox\xul.dll+177715e|C:\Program Files\Mozilla Firefox\xul.dll+f245a2|C:\Program Files\Mozilla Firefox\xul.dll+1acb272|C:\Program Files\Mozilla Firefox\xul.dll+17779b9|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+108abc|C:\Program Files\Mozilla Firefox\xul.dll+127c9f|C:\Program Files\Mozilla Firefox\xul.dll+11972f9|C:\Program Files\Mozilla Firefox\xul.dll+908818|C:\Program Files\Mozilla Firefox\xul.dll+908f46|C:\Program Files\Mozilla Firefox\xul.dll+22fae0 10341000x8000000000000000138104Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.230{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+ed6d0c|C:\Program Files\Mozilla Firefox\xul.dll+289542|C:\Program Files\Mozilla Firefox\xul.dll+28882f|C:\Program Files\Mozilla Firefox\xul.dll+28861a|C:\Program Files\Mozilla Firefox\xul.dll+eeff55|C:\Program Files\Mozilla Firefox\xul.dll+18b861a|C:\Program Files\Mozilla Firefox\xul.dll+1acc418|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1ace974|C:\Program Files\Mozilla Firefox\xul.dll+177715e|C:\Program Files\Mozilla Firefox\xul.dll+f245a2|C:\Program Files\Mozilla Firefox\xul.dll+1acb272|C:\Program Files\Mozilla Firefox\xul.dll+17779b9|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+108abc|C:\Program Files\Mozilla Firefox\xul.dll+127c9f|C:\Program Files\Mozilla Firefox\xul.dll+11972f9|C:\Program Files\Mozilla Firefox\xul.dll+908818|C:\Program Files\Mozilla Firefox\xul.dll+908f46|C:\Program Files\Mozilla Firefox\xul.dll+22fae0 23542300x8000000000000000138103Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.209{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage.sqlite-journalMD5=C2FD483E382F0D0AE561F7E1CAA7EF68,SHA256=9575CF14430C01051AD607886331EC0327D101C9C0B77F0C2506B4B2954F6F34,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138102Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.209{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138101Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.209{6EDEAD03-61B3-615D-D602-00000000FC01}18923408C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a0b461|C:\Program Files\Mozilla Firefox\xul.dll+a6c6e5|C:\Program Files\Mozilla Firefox\xul.dll+d0281|C:\Program Files\Mozilla Firefox\xul.dll+19d6412|C:\Program Files\Mozilla Firefox\xul.dll+1747b79|C:\Program Files\Mozilla Firefox\xul.dll+167b2d9|C:\Program Files\Mozilla Firefox\xul.dll+26742|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+8b45d7|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138100Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.193{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4efc8|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a5b7d9|C:\Program Files\Mozilla Firefox\xul.dll+e50238|C:\Program Files\Mozilla Firefox\xul.dll+19e1f56|C:\Program Files\Mozilla Firefox\xul.dll+19d6412|C:\Program Files\Mozilla Firefox\xul.dll+19ae344|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000138099Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:34.193{6EDEAD03-61B3-615D-D602-00000000FC01}1892\cubeb-pipe-1892-2C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000138098Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:34.193{6EDEAD03-61B3-615D-D602-00000000FC01}1892\cubeb-pipe-1892-2C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138097Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.193{6EDEAD03-503F-615D-0B00-00000000FC01}624672C:\Windows\system32\lsass.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138096Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.193{6EDEAD03-503F-615D-0B00-00000000FC01}624672C:\Windows\system32\lsass.exe{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138095Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.177{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+17876ff|C:\Program Files\Mozilla Firefox\xul.dll+17387a6|UNKNOWN(000000A1BD581E84) 10341000x8000000000000000138094Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.177{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+17876ff|C:\Program Files\Mozilla Firefox\xul.dll+17387a6|UNKNOWN(000000A1BD581E84) 10341000x8000000000000000138093Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.177{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+17876ff|C:\Program Files\Mozilla Firefox\xul.dll+17387a6|UNKNOWN(000000A1BD581E84) 10341000x8000000000000000138092Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.177{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+17876ff|C:\Program Files\Mozilla Firefox\xul.dll+17387a6|UNKNOWN(000000A1BD581E84) 10341000x8000000000000000138091Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.177{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+17876ff|C:\Program Files\Mozilla Firefox\xul.dll+17387a6|UNKNOWN(000000A1BD581E84) 10341000x8000000000000000138090Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.177{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+17876ff|C:\Program Files\Mozilla Firefox\xul.dll+17387a6|UNKNOWN(000000A1BD581E84) 10341000x8000000000000000138089Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.177{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+1b73e11|C:\Program Files\Mozilla Firefox\xul.dll+1d32fc7|UNKNOWN(000000A1BD583E5F) 10341000x8000000000000000138088Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.177{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+1b73e11|C:\Program Files\Mozilla Firefox\xul.dll+1d32fc7|UNKNOWN(000000A1BD583E5F) 10341000x8000000000000000138087Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.177{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+1b73e11|C:\Program Files\Mozilla Firefox\xul.dll+1d32fc7|UNKNOWN(000000A1BD583E5F) 10341000x8000000000000000138086Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.177{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+1b5f88f|C:\Program Files\Mozilla Firefox\xul.dll+736f4|C:\Program Files\Mozilla Firefox\xul.dll+1256348|C:\Program Files\Mozilla Firefox\xul.dll+8b8f1|C:\Program Files\Mozilla Firefox\xul.dll+8b848|C:\Program Files\Mozilla Firefox\xul.dll+ac7489|C:\Program Files\Mozilla Firefox\xul.dll+87e1f|C:\Program Files\Mozilla Firefox\xul.dll+c386fb|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02|C:\Program Files\Mozilla Firefox\xul.dll+129ca49|C:\Program Files\Mozilla Firefox\xul.dll+1b6c136|C:\Program Files\Mozilla Firefox\xul.dll+17876ff|C:\Program Files\Mozilla Firefox\xul.dll+17014f1 10341000x8000000000000000138085Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.177{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+1b5f88f|C:\Program Files\Mozilla Firefox\xul.dll+736f4|C:\Program Files\Mozilla Firefox\xul.dll+1256348|C:\Program Files\Mozilla Firefox\xul.dll+8b8f1|C:\Program Files\Mozilla Firefox\xul.dll+8b848|C:\Program Files\Mozilla Firefox\xul.dll+ac7489|C:\Program Files\Mozilla Firefox\xul.dll+87e1f|C:\Program Files\Mozilla Firefox\xul.dll+c386fb|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02|C:\Program Files\Mozilla Firefox\xul.dll+129ca49|C:\Program Files\Mozilla Firefox\xul.dll+1b6c136|C:\Program Files\Mozilla Firefox\xul.dll+17876ff|C:\Program Files\Mozilla Firefox\xul.dll+17014f1 10341000x8000000000000000138084Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.177{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+1b6aed7|C:\Program Files\Mozilla Firefox\xul.dll+1b5f88f|C:\Program Files\Mozilla Firefox\xul.dll+736f4|C:\Program Files\Mozilla Firefox\xul.dll+1256348|C:\Program Files\Mozilla Firefox\xul.dll+8b8f1|C:\Program Files\Mozilla Firefox\xul.dll+8b848|C:\Program Files\Mozilla Firefox\xul.dll+ac7489|C:\Program Files\Mozilla Firefox\xul.dll+87e1f|C:\Program Files\Mozilla Firefox\xul.dll+c386fb|C:\Program Files\Mozilla Firefox\xul.dll+16fdc02|C:\Program Files\Mozilla Firefox\xul.dll+129ca49|C:\Program Files\Mozilla Firefox\xul.dll+1b6c136|C:\Program Files\Mozilla Firefox\xul.dll+17876ff|C:\Program Files\Mozilla Firefox\xul.dll+17014f1 23542300x8000000000000000138083Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.146{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=177C3354ABA3FA5CEE1C720FF4AD6921,SHA256=D04D7EB83833E3AAB77B7DD7311FF6E6CB3CA6D28EEBD0C817518EE73CEDFEA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138082Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.146{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ZJUI0E~1.DEF\key4.db-journalMD5=DEEABFB6902A857E15B619A1F2FAF73B,SHA256=7931A827B118FA1821C518457431C69BE0645D1A1E0D3194D563D05ADADEA4DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138081Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.130{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ZJUI0E~1.DEF\key4.db-journalMD5=6D7EB59AFF2DC8421295D01781C6A1D8,SHA256=C5CAE22FB700BD89DC0EE2B24A7FB76E914C981C745B489680AEE5F6C225143A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138080Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.129{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ZJUI0E~1.DEF\cert9.db-journalMD5=473F7D9DC30D7E506D1032CD06ED39F2,SHA256=33E697390A604DC0AFB80BA3764277CC6BBA28D6E2412B22D06CAC13ABD2400E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138079Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.093{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B710B9D7B31BAB1FA2589AB5AEBB42E3,SHA256=F808B057A6875169D8E0A6214F21D6060BAD287E08073FA5D2ECDD70FC1BE6B4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000138078Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.093{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ZJUI0E~1.DEF\pkcs11.txt2021-10-06 08:43:34.093 23542300x8000000000000000138077Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.093{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1D4AD9FE20D041D4095114DE510E887,SHA256=D413F3850BFDBC12C50D5B234DF9BD41A3957F8FDBB5FF2FA0CE4A5AC96E2E00,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138076Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.062{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0 10341000x8000000000000000138075Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138074Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+c0e190|C:\Program Files\Mozilla Firefox\xul.dll+c0db0d|C:\Program Files\Mozilla Firefox\xul.dll+c06ba4|C:\Program Files\Mozilla Firefox\xul.dll+c0c010|C:\Program Files\Mozilla Firefox\xul.dll+c0c76b|C:\Program Files\Mozilla Firefox\xul.dll+39ae11|C:\Program Files\Mozilla Firefox\xul.dll+c0d539|C:\Program Files\Mozilla Firefox\xul.dll+c104f2|C:\Program Files\Mozilla Firefox\xul.dll+c0cf56|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+bedfc3|C:\Program Files\Mozilla Firefox\xul.dll+1f0f57c 10341000x8000000000000000138073Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+eb5f76|C:\Program Files\Mozilla Firefox\xul.dll+eb5e89 10341000x8000000000000000138072Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+eb5f76|C:\Program Files\Mozilla Firefox\xul.dll+eb5e89 10341000x8000000000000000138071Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+eb5f76|C:\Program Files\Mozilla Firefox\xul.dll+eb5e89 10341000x8000000000000000138070Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138069Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+eb5f76|C:\Program Files\Mozilla Firefox\xul.dll+eb5e89 10341000x8000000000000000138068Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+eb5f76|C:\Program Files\Mozilla Firefox\xul.dll+eb5e89 10341000x8000000000000000138067Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b695f9|C:\Program Files\Mozilla Firefox\xul.dll+b7958a|C:\Program Files\Mozilla Firefox\xul.dll+b56ab9|C:\Program Files\Mozilla Firefox\xul.dll+b6c350|C:\Program Files\Mozilla Firefox\xul.dll+1a24c7c|C:\Program Files\Mozilla Firefox\xul.dll+192fc92|C:\Program Files\Mozilla Firefox\xul.dll+192dfcc|C:\Program Files\Mozilla Firefox\xul.dll+1b1c2f7|C:\Program Files\Mozilla Firefox\xul.dll+1b1b19f|C:\Program Files\Mozilla Firefox\xul.dll+192a5fa|C:\Program Files\Mozilla Firefox\xul.dll+1b3e634|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937 10341000x8000000000000000138066Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+eb5f76|C:\Program Files\Mozilla Firefox\xul.dll+eb5e89 10341000x8000000000000000138065Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+fe17ac|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2 10341000x8000000000000000138064Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+fe17ac|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2 10341000x8000000000000000138063Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+fe17ac|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2 10341000x8000000000000000138062Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+eb5f76|C:\Program Files\Mozilla Firefox\xul.dll+eb5e89 10341000x8000000000000000138061Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+eb5f76|C:\Program Files\Mozilla Firefox\xul.dll+eb5e89 10341000x8000000000000000138060Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138059Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.031{6EDEAD03-5391-615D-0E01-00000000FC01}48005132C:\Windows\Explorer.EXE{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138058Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.020{6EDEAD03-5391-615D-0E01-00000000FC01}48004968C:\Windows\Explorer.EXE{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138057Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.019{6EDEAD03-5391-615D-0E01-00000000FC01}48004968C:\Windows\Explorer.EXE{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138056Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.019{6EDEAD03-5391-615D-0E01-00000000FC01}48005064C:\Windows\Explorer.EXE{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138055Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.018{6EDEAD03-5391-615D-0E01-00000000FC01}48005064C:\Windows\Explorer.EXE{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000120727Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:35.106{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5FE9CA0F61BD6BA49B13235111E65F33,SHA256=5EA76BE756730688847D07485934A0307A296DCFCC1A1E0C93BF3C24B74121BE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138439Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.944{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.944{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.907{6EDEAD03-61B7-615D-E002-00000000FC01}53605292C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.907{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.907{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.891{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=984D5D596A92E5A2EBB4F32E450F4227,SHA256=B96A35CF58A2B5B18D3ACDA829073FCE16F7F6DD811EBA48F70198F60A9F00FD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.860{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DCD996C430529233099ED269323DB68,SHA256=90F65FDC37E2C5E071B87681D5B2BA65F7CAB184A41B8B6F27EAFDC6A6224AE8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.860{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.844{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.844{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.844{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.844{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.844{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.844{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.829{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.829{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000138423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.082{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64633-false35.161.231.170ec2-35-161-231-170.us-west-2.compute.amazonaws.com443https 354300x8000000000000000138422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.039{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64636-false2.22.117.227a2-22-117-227.deploy.static.akamaitechnologies.com80http 354300x8000000000000000138421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.039{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55246- 354300x8000000000000000138420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.011{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64635-false34.117.237.239239.237.117.34.bc.googleusercontent.com443https 354300x8000000000000000138419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.007{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63149- 354300x8000000000000000138418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.953{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64634-false104.18.164.34-443https 354300x8000000000000000138417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.953{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54775- 354300x8000000000000000138416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.951{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-54105- 354300x8000000000000000138415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.934{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59156- 354300x8000000000000000138414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.932{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54105- 354300x8000000000000000138413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.886{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64631-false18.66.139.17-443https 354300x8000000000000000138412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.878{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64632-false18.66.139.17-443https 354300x8000000000000000138411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.878{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64558- 10341000x8000000000000000138410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.791{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.791{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.791{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.791{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.791{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.791{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0 10341000x8000000000000000138404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.791{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.791{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0 10341000x8000000000000000138402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.791{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0 10341000x8000000000000000138401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.791{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0 10341000x8000000000000000138400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.791{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+c0dc1b|C:\Program Files\Mozilla Firefox\xul.dll+c069d2|C:\Program Files\Mozilla Firefox\xul.dll+c0c010|C:\Program Files\Mozilla Firefox\xul.dll+c0c76b|C:\Program Files\Mozilla Firefox\xul.dll+39ae11|C:\Program Files\Mozilla Firefox\xul.dll+c0d539|C:\Program Files\Mozilla Firefox\xul.dll+c104f2|C:\Program Files\Mozilla Firefox\xul.dll+c0cf56|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+c09b18|C:\Program Files\Mozilla Firefox\xul.dll+c0ff68|C:\Program Files\Mozilla Firefox\xul.dll+c102cd 10341000x8000000000000000138399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.791{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+27cf1b8|C:\Program Files\Mozilla Firefox\xul.dll+27c04fc|C:\Program Files\Mozilla Firefox\xul.dll+c07a31|C:\Program Files\Mozilla Firefox\xul.dll+27b74bd|C:\Program Files\Mozilla Firefox\xul.dll+c0ed76|C:\Program Files\Mozilla Firefox\xul.dll+c07efb|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+c09b18|C:\Program Files\Mozilla Firefox\xul.dll+27b872e|C:\Program Files\Mozilla Firefox\xul.dll+27b84c4|C:\Program Files\Mozilla Firefox\xul.dll+c0ffd2|C:\Program Files\Mozilla Firefox\xul.dll+c09d79 10341000x8000000000000000138398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.760{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b66218|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.760{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b66218|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.760{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b66218|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.760{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b66218|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138394Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.760{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b638f2|C:\Program Files\Mozilla Firefox\xul.dll+316525|C:\Program Files\Mozilla Firefox\xul.dll+fc0875|C:\Program Files\Mozilla Firefox\xul.dll+c04c94|C:\Program Files\Mozilla Firefox\xul.dll+315ded|C:\Program Files\Mozilla Firefox\xul.dll+39de3b|C:\Program Files\Mozilla Firefox\xul.dll+39d63d|C:\Program Files\Mozilla Firefox\xul.dll+bef9ba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573 10341000x8000000000000000138393Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.760{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b638f2|C:\Program Files\Mozilla Firefox\xul.dll+316525|C:\Program Files\Mozilla Firefox\xul.dll+fc0875|C:\Program Files\Mozilla Firefox\xul.dll+c04c94|C:\Program Files\Mozilla Firefox\xul.dll+315ded|C:\Program Files\Mozilla Firefox\xul.dll+39de3b|C:\Program Files\Mozilla Firefox\xul.dll+39d63d|C:\Program Files\Mozilla Firefox\xul.dll+bef9ba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573 10341000x8000000000000000138392Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.760{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b638f2|C:\Program Files\Mozilla Firefox\xul.dll+316525|C:\Program Files\Mozilla Firefox\xul.dll+fc0875|C:\Program Files\Mozilla Firefox\xul.dll+c04c94|C:\Program Files\Mozilla Firefox\xul.dll+315ded|C:\Program Files\Mozilla Firefox\xul.dll+39de3b|C:\Program Files\Mozilla Firefox\xul.dll+39d63d|C:\Program Files\Mozilla Firefox\xul.dll+bef9ba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573 10341000x8000000000000000138391Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.760{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b638f2|C:\Program Files\Mozilla Firefox\xul.dll+b7d7f3|C:\Program Files\Mozilla Firefox\xul.dll+b7d484|C:\Program Files\Mozilla Firefox\xul.dll+fc0140|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0|C:\Program Files\Mozilla Firefox\xul.dll+f1bb45|C:\Program Files\Mozilla Firefox\xul.dll+f1b6d4|C:\Program Files\Mozilla Firefox\xul.dll+f1b179|C:\Program Files\Mozilla Firefox\xul.dll+f1bdaf 10341000x8000000000000000138390Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.760{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b638f2|C:\Program Files\Mozilla Firefox\xul.dll+b7d7f3|C:\Program Files\Mozilla Firefox\xul.dll+b7d484|C:\Program Files\Mozilla Firefox\xul.dll+fc0140|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0|C:\Program Files\Mozilla Firefox\xul.dll+f1bb45|C:\Program Files\Mozilla Firefox\xul.dll+f1b6d4|C:\Program Files\Mozilla Firefox\xul.dll+f1b179|C:\Program Files\Mozilla Firefox\xul.dll+f1bdaf 10341000x8000000000000000138389Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.760{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b638f2|C:\Program Files\Mozilla Firefox\xul.dll+b7d7f3|C:\Program Files\Mozilla Firefox\xul.dll+b7d484|C:\Program Files\Mozilla Firefox\xul.dll+fc0140|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0|C:\Program Files\Mozilla Firefox\xul.dll+f1bb45|C:\Program Files\Mozilla Firefox\xul.dll+f1b6d4|C:\Program Files\Mozilla Firefox\xul.dll+f1b179|C:\Program Files\Mozilla Firefox\xul.dll+f1bdaf 10341000x8000000000000000138388Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.744{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b638f2|C:\Program Files\Mozilla Firefox\xul.dll+b7d7f3|C:\Program Files\Mozilla Firefox\xul.dll+b7d484|C:\Program Files\Mozilla Firefox\xul.dll+b7dcbc|C:\Program Files\Mozilla Firefox\xul.dll+f84252|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0|C:\Program Files\Mozilla Firefox\xul.dll+f1bb45|C:\Program Files\Mozilla Firefox\xul.dll+f1b6d4|C:\Program Files\Mozilla Firefox\xul.dll+f1b179 10341000x8000000000000000138387Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.744{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b638f2|C:\Program Files\Mozilla Firefox\xul.dll+b7d7f3|C:\Program Files\Mozilla Firefox\xul.dll+b7d484|C:\Program Files\Mozilla Firefox\xul.dll+b7dcbc|C:\Program Files\Mozilla Firefox\xul.dll+f84252|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0|C:\Program Files\Mozilla Firefox\xul.dll+f1bb45|C:\Program Files\Mozilla Firefox\xul.dll+f1b6d4|C:\Program Files\Mozilla Firefox\xul.dll+f1b179 10341000x8000000000000000138386Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.744{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b638f2|C:\Program Files\Mozilla Firefox\xul.dll+b7d7f3|C:\Program Files\Mozilla Firefox\xul.dll+b7d484|C:\Program Files\Mozilla Firefox\xul.dll+b7dcbc|C:\Program Files\Mozilla Firefox\xul.dll+f84252|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0|C:\Program Files\Mozilla Firefox\xul.dll+f1bb45|C:\Program Files\Mozilla Firefox\xul.dll+f1b6d4|C:\Program Files\Mozilla Firefox\xul.dll+f1b179 10341000x8000000000000000138385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.744{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b638f2|C:\Program Files\Mozilla Firefox\xul.dll+b7d7f3|C:\Program Files\Mozilla Firefox\xul.dll+b7d484|C:\Program Files\Mozilla Firefox\xul.dll+b7dcbc|C:\Program Files\Mozilla Firefox\xul.dll+f84252|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0|C:\Program Files\Mozilla Firefox\xul.dll+f1bb45|C:\Program Files\Mozilla Firefox\xul.dll+f1b6d4|C:\Program Files\Mozilla Firefox\xul.dll+f1b179 10341000x8000000000000000138384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.744{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+c0dc1b|C:\Program Files\Mozilla Firefox\xul.dll+c069d2|C:\Program Files\Mozilla Firefox\xul.dll+27b74bd|C:\Program Files\Mozilla Firefox\xul.dll+c0ed76|C:\Program Files\Mozilla Firefox\xul.dll+c07efb|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+c09b18|C:\Program Files\Mozilla Firefox\xul.dll+27b872e|C:\Program Files\Mozilla Firefox\xul.dll+27b84c4|C:\Program Files\Mozilla Firefox\xul.dll+c0ffd2|C:\Program Files\Mozilla Firefox\xul.dll+c09d79|C:\Program Files\Mozilla Firefox\xul.dll+39a61b 10341000x8000000000000000138383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.707{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-61B7-615D-E002-00000000FC01}5360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.707{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.707{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.707{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.707{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.707{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-61B7-615D-E002-00000000FC01}5360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000138377Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.707{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-61B7-615D-E002-00000000FC01}5360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000138376Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.708{6EDEAD03-61B7-615D-E002-00000000FC01}5360C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000138375Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.691{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b66218|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138374Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.691{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+c0dc1b|C:\Program Files\Mozilla Firefox\xul.dll+c069d2|C:\Program Files\Mozilla Firefox\xul.dll+27b74bd|C:\Program Files\Mozilla Firefox\xul.dll+c0ed76|C:\Program Files\Mozilla Firefox\xul.dll+c07efb|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+c09b18|C:\Program Files\Mozilla Firefox\xul.dll+27b872e|C:\Program Files\Mozilla Firefox\xul.dll+27b84c4|C:\Program Files\Mozilla Firefox\xul.dll+c0ffd2|C:\Program Files\Mozilla Firefox\xul.dll+c09d79|C:\Program Files\Mozilla Firefox\xul.dll+39a61b 10341000x8000000000000000138373Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.691{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+c0dc1b|C:\Program Files\Mozilla Firefox\xul.dll+c069d2|C:\Program Files\Mozilla Firefox\xul.dll+27b74bd|C:\Program Files\Mozilla Firefox\xul.dll+c0ed76|C:\Program Files\Mozilla Firefox\xul.dll+c07efb|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+c09b18|C:\Program Files\Mozilla Firefox\xul.dll+27b872e|C:\Program Files\Mozilla Firefox\xul.dll+27b84c4|C:\Program Files\Mozilla Firefox\xul.dll+c0ffd2|C:\Program Files\Mozilla Firefox\xul.dll+c09d79|C:\Program Files\Mozilla Firefox\xul.dll+39a61b 10341000x8000000000000000138372Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.691{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+c0dc1b|C:\Program Files\Mozilla Firefox\xul.dll+c069d2|C:\Program Files\Mozilla Firefox\xul.dll+27b74bd|C:\Program Files\Mozilla Firefox\xul.dll+c0ed76|C:\Program Files\Mozilla Firefox\xul.dll+c07efb|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+c09b18|C:\Program Files\Mozilla Firefox\xul.dll+27b872e|C:\Program Files\Mozilla Firefox\xul.dll+27b84c4|C:\Program Files\Mozilla Firefox\xul.dll+c0ffd2|C:\Program Files\Mozilla Firefox\xul.dll+c09d79|C:\Program Files\Mozilla Firefox\xul.dll+39a61b 10341000x8000000000000000138371Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.676{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+c0e190|C:\Program Files\Mozilla Firefox\xul.dll+c0db0d|C:\Program Files\Mozilla Firefox\xul.dll+c06b06|C:\Program Files\Mozilla Firefox\xul.dll+c0c010|C:\Program Files\Mozilla Firefox\xul.dll+c0c76b|C:\Program Files\Mozilla Firefox\xul.dll+39ae11|C:\Program Files\Mozilla Firefox\xul.dll+c0d539|C:\Program Files\Mozilla Firefox\xul.dll+c104f2|C:\Program Files\Mozilla Firefox\xul.dll+c0cf56|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+bedfc3|C:\Program Files\Mozilla Firefox\xul.dll+bed195 23542300x8000000000000000138370Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.607{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ZJUI0E~1.DEF\cert9.db-journalMD5=50FAC9021709CCA6EE84017C18D51383,SHA256=4B1E50667029EEEE526B8C015408FF244D7C1081CBCF4A93C8EE11AF80FEB1F0,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000138369Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.740{6EDEAD03-61B3-615D-D602-00000000FC01}1892d1zkz3k4cclnv6.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138368Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.737{6EDEAD03-61B3-615D-D602-00000000FC01}1892d1zkz3k4cclnv6.cloudfront.net018.66.97.117;18.66.97.122;18.66.97.19;18.66.97.89;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138367Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.428{6EDEAD03-61B3-615D-D602-00000000FC01}1892prod.ingestion-edge.prod.dataops.mozgcp.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138366Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.427{6EDEAD03-61B3-615D-D602-00000000FC01}1892prod.ingestion-edge.prod.dataops.mozgcp.net035.227.207.240;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138365Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.238{6EDEAD03-61B3-615D-D602-00000000FC01}1892firefox.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138364Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.236{6EDEAD03-61B3-615D-D602-00000000FC01}1892firefox.com044.235.246.155;44.236.72.93;44.236.48.31;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138363Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.235{6EDEAD03-61B3-615D-D602-00000000FC01}1892firefox.com0::ffff:44.236.48.31;::ffff:44.235.246.155;::ffff:44.236.72.93;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138362Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.228{6EDEAD03-61B3-615D-D602-00000000FC01}1892prod-classifyclient.normandy.prod.cloudops.mozgcp.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138361Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.223{6EDEAD03-61B3-615D-D602-00000000FC01}1892prod-classifyclient.normandy.prod.cloudops.mozgcp.net034.98.75.36;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138360Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.048{6EDEAD03-61B3-615D-D602-00000000FC01}1892a1887.dscq.akamai.net02a02:26f0:1700:f::1737:a1a4;2a02:26f0:1700:f::1737:a194;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138359Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.039{6EDEAD03-61B3-615D-D602-00000000FC01}1892a1887.dscq.akamai.net02.22.118.162;2.22.117.227;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138358Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.038{6EDEAD03-61B3-615D-D602-00000000FC01}1892r3.o.lencr.org0type: 5 o.lencr.edgesuite.net;type: 5 a1887.dscq.akamai.net;::ffff:2.22.117.227;::ffff:2.22.118.162;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138357Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.956{6EDEAD03-61B3-615D-D602-00000000FC01}1892www.mozilla.org.cdn.cloudflare.net02606:4700::6812:a522;2606:4700::6812:a422;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138356Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.953{6EDEAD03-61B3-615D-D602-00000000FC01}1892www.mozilla.org.cdn.cloudflare.net0104.18.164.34;104.18.165.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138355Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.937{6EDEAD03-61B3-615D-D602-00000000FC01}1892accounts.firefox.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138354Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.935{6EDEAD03-61B3-615D-D602-00000000FC01}1892accounts.firefox.com052.88.96.248;35.166.84.75;35.161.231.170;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138353Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.934{6EDEAD03-61B3-615D-D602-00000000FC01}1892accounts.firefox.com0::ffff:35.161.231.170;::ffff:52.88.96.248;::ffff:35.166.84.75;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138352Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.880{6EDEAD03-61B3-615D-D602-00000000FC01}1892d2nxq2uap88usk.cloudfront.net02600:9000:225e:aa00:a:da5e:7900:93a1;2600:9000:225e:fa00:a:da5e:7900:93a1;2600:9000:225e:c400:a:da5e:7900:93a1;2600:9000:225e:7000:a:da5e:7900:93a1;2600:9000:225e:d400:a:da5e:7900:93a1;2600:9000:225e:7c00:a:da5e:7900:93a1;2600:9000:225e:d600:a:da5e:7900:93a1;2600:9000:225e:e00:a:da5e:7900:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138351Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.878{6EDEAD03-61B3-615D-D602-00000000FC01}1892d2nxq2uap88usk.cloudfront.net018.66.139.97;18.66.139.67;18.66.139.125;18.66.139.17;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138350Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.875{6EDEAD03-61B3-615D-D602-00000000FC01}1892cs9.wac.phicdn.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138349Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.873{6EDEAD03-61B3-615D-D602-00000000FC01}1892cs9.wac.phicdn.net093.184.220.29;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000138348Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.873{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64630-false93.184.220.29-80http 354300x8000000000000000138347Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.873{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54343- 354300x8000000000000000138346Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.873{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63308- 354300x8000000000000000138345Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.873{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55609- 354300x8000000000000000138344Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.710{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64625-false44.235.94.69ec2-44-235-94-69.us-west-2.compute.amazonaws.com443https 354300x8000000000000000138343Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.704{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64629-false34.107.221.8282.221.107.34.bc.googleusercontent.com80http 354300x8000000000000000138342Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.685{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54643- 354300x8000000000000000138341Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.685{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55401- 23542300x8000000000000000138340Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.492{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\pending_pings\664676b6-7746-4a38-9928-99f76941547cMD5=0F528C50A98611C48FEBDDE82F908F27,SHA256=C0AAB70AE1F340AF531C379C6210A17C8172D9A49733DB88B7BB0D79611AD527,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138339Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.392{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138338Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.376{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0545F2BDB179DDB436A257B4DFAB9EA4,SHA256=56FB5427D1383E780D8479F78ADC8C0F48F8283A5F746F1D9364DA26F4460213,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138337Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.307{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\pending_pings\b31aad7e-1863-43c0-83ee-2da6c623d9beMD5=BF6A205605551E7CA70A912A2319DBDD,SHA256=3B540443810F58776122B330C1B285AFC3DE5EC4F86BA20C7099A489718C3CF0,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000138336Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.566{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64628-false143.204.209.18server-143-204-209-18.fra53.r.cloudfront.net443https 354300x8000000000000000138335Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.566{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64626-false34.107.221.8282.221.107.34.bc.googleusercontent.com80http 354300x8000000000000000138334Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.566{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64627-false143.204.209.18server-143-204-209-18.fra53.r.cloudfront.net443https 354300x8000000000000000138333Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.565{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60575- 354300x8000000000000000138332Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.565{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54772- 354300x8000000000000000138331Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.564{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64715- 354300x8000000000000000138330Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.564{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58501- 354300x8000000000000000138329Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.556{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57095- 354300x8000000000000000138328Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:33.555{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61702- 354300x8000000000000000138327Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:32.802{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64624-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000138326Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:32.802{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64624-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 10341000x8000000000000000138325Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.261{6EDEAD03-61B7-615D-DE02-00000000FC01}1932632C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138324Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.245{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138323Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.227{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138322Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.223{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=76C9474821C5D0E1B79230BF6E0DCDFA,SHA256=75685E69AFCB69F59B7D64C996412B1A5011FB0BAD983073C52F19A72C467B08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138321Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.208{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=67C03EEDF0175C4F7F85198A20BD0CBC,SHA256=E2769C3A6F4C31C60C87CADA3BA5410E82043FCE78593CF88C053200A39555D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138320Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.208{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-journalMD5=945E5C165125D6C7D948D7F79BD43064,SHA256=3F1AFD0513AA59D67844AD6DAFE59C429E3FDE771C3A67C3588B3D1754E196C3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138319Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.192{6EDEAD03-61B3-615D-D602-00000000FC01}18923408C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a0b461|C:\Program Files\Mozilla Firefox\xul.dll+a6c6e5|C:\Program Files\Mozilla Firefox\xul.dll+d0281|C:\Program Files\Mozilla Firefox\xul.dll+19d6412|C:\Program Files\Mozilla Firefox\xul.dll+1747b79|C:\Program Files\Mozilla Firefox\xul.dll+167b2d9|C:\Program Files\Mozilla Firefox\xul.dll+26742|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+8b45d7|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138318Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.161{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167c38c|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138317Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.161{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167c38c|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138316Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.161{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167c38c|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138315Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.161{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167c38c|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138314Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.161{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138313Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.161{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138312Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.161{6EDEAD03-503F-615D-0B00-00000000FC01}624672C:\Windows\system32\lsass.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138311Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.161{6EDEAD03-503F-615D-0B00-00000000FC01}624672C:\Windows\system32\lsass.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138310Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.145{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4efc8|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a5b7d9|C:\Program Files\Mozilla Firefox\xul.dll+e50238|C:\Program Files\Mozilla Firefox\xul.dll+19e1f56|C:\Program Files\Mozilla Firefox\xul.dll+19d6412|C:\Program Files\Mozilla Firefox\xul.dll+19ae344|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000138309Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:35.145{6EDEAD03-61B3-615D-D602-00000000FC01}1892\cubeb-pipe-1892-3C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000138308Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:35.145{6EDEAD03-61B3-615D-D602-00000000FC01}1892\cubeb-pipe-1892-3C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000138307Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.145{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E01B8C466DF6F27C24C36B16E39B5F3,SHA256=30EB4CEDCB9B43077EE4C22DD681F4499CC06BA77FDD0861E6E09F2BBD12A51A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138306Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.129{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138305Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.129{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 10341000x8000000000000000138304Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.128{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 10341000x8000000000000000138303Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.128{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 10341000x8000000000000000138302Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.128{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+ca12c4|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|UNKNOWN(000000A1BD5A406F) 18141800x8000000000000000138301Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:35.128{6EDEAD03-61B5-615D-D902-00000000FC01}1040\chrome.1892.8.131248088C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138300Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.128{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138299Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.128{6EDEAD03-61B3-615D-D602-00000000FC01}18921972C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+1b80fc|C:\Program Files\Mozilla Firefox\xul.dll+a15446|C:\Program Files\Mozilla Firefox\xul.dll+a0ffef|C:\Program Files\Mozilla Firefox\xul.dll+19ce81f|C:\Program Files\Mozilla Firefox\xul.dll+19cd1ec|C:\Program Files\Mozilla Firefox\xul.dll+13c95|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+13378|C:\Program Files\Mozilla Firefox\xul.dll+9f2211|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000138298Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:35.127{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.8.131248088C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000138297Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:35.126{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.7.51411013C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138296Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.124{6EDEAD03-61B3-615D-D602-00000000FC01}18926100C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+13527b|C:\Program Files\Mozilla Firefox\xul.dll+12239ed|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000138295Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:35.124{6EDEAD03-61B3-615D-D602-00000000FC01}1892\gecko-crash-server-pipe.1892C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000138294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=885E84430A37C49298945C344B22A506,SHA256=443250023F062F8ACF642A78394529DCE4181DAD901B41BA0165B5D4EDFC5929,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f710|C:\Program Files\Mozilla Firefox\xul.dll+e5ba99|C:\Program Files\Mozilla Firefox\xul.dll+e57449|C:\Program Files\Mozilla Firefox\xul.dll+e49022|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+e48ccc|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000138278Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+e48c43|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138277Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.076{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+c2e55|C:\Program Files\Mozilla Firefox\xul.dll+e4891a|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138276Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.061{6EDEAD03-61B3-615D-D602-00000000FC01}18921972C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+a0942f|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+166d71b|C:\Program Files\Mozilla Firefox\xul.dll+19cd045|C:\Program Files\Mozilla Firefox\xul.dll+13c95|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+13378|C:\Program Files\Mozilla Firefox\xul.dll+9f2211|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138275Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.061{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138274Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.061{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138273Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.061{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138272Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.061{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138271Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.061{6EDEAD03-538E-615D-FD00-00000000FC01}1004524C:\Windows\system32\csrss.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000138270Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.061{6EDEAD03-61B3-615D-D602-00000000FC01}18925908C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+2f07d|C:\Program Files\Mozilla Firefox\firefox.exe+2e285|C:\Program Files\Mozilla Firefox\xul.dll+1fd1d9a|C:\Program Files\Mozilla Firefox\xul.dll+a04e9a|C:\Program Files\Mozilla Firefox\xul.dll+a03065|C:\Program Files\Mozilla Firefox\xul.dll+a0a25e|C:\Program Files\Mozilla Firefox\xul.dll+8b1df0|C:\Program Files\Mozilla Firefox\xul.dll+167b2d9|C:\Program Files\Mozilla Firefox\xul.dll+2680a|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+8b45d7|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000138269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.068{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe92.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1892.7.514110137\1880629287" -childID 4 -isForBrowser -prefsHandle 4136 -prefMapHandle 4160 -prefsLen 10561 -prefMapSize 235910 -jsInit 1128 285716 -parentBuildID 20210922161155 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1892 "\\.\pipe\gecko-crash-server-pipe.1892" 4132 1dae72f5b38 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372LowMD5=DBDB3EFACC3D9039A4F5703662099178,SHA256=534A44A08893AFBE78E04B4CFF80BD00BFC40562A923E8AF38E240227A643FFB,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 23542300x8000000000000000138268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.061{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B636BC2096AA968890F97EE8D585776B,SHA256=B477065C86B0C4A36628D865496CF0221484F241ED44CE182B18E71EE6D6FD06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.061{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=5847EF743988DF8071E25643BD48BDE1,SHA256=776CEFBE4730BA6E82602210847A0DFC7A62B42F8C605DFAA18312FF95898447,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.045{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DC02-00000000FC01}4256C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167c38c|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138265Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.045{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DB02-00000000FC01}4228C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167c38c|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138264Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.045{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-DA02-00000000FC01}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+2165eb|C:\Program Files\Mozilla Firefox\xul.dll+89b961|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167c38c|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000138263Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:35.045{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.7.51411013C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000138262Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.045{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=4400EA98AA241EB6F0953AB1954BBBC2,SHA256=578EA6AB424A2F34E788FE9F05CF0DA7A890A985BB0F13E0411A1D14941A4540,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138261Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.045{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-61B7-615D-DE02-00000000FC01}1932C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138260Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.045{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138259Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.045{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138258Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.045{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138257Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.045{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138256Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.045{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-61B7-615D-DE02-00000000FC01}1932C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000138255Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.045{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-61B7-615D-DE02-00000000FC01}1932C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000138254Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.046{6EDEAD03-61B7-615D-DE02-00000000FC01}1932C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000138253Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.045{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=2059207929AA4CAED630428AEFB2A0F5,SHA256=67B07D6AF46BA358250B70ED1F94A71D9F6C5A3D938D6DD26C7C5F313485D545,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138252Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.029{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=F856BA5659B593FD06DA9C9C2EC9CB0E,SHA256=883DD16C05FF0805C16C16F718FFD66F5CE664BD430AE439E685C13716C41381,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138251Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.029{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=0807C8D1A6B0486482A6F1F2DA11C3ED,SHA256=5F51D98A3CC6547EF22CB7DB594BE753E382023A7B5F51300A86C3802BDC3BC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138250Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.029{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=A10B569AE0BA6D77DC52D1DF3E666E95,SHA256=8581C499263CAD7D57B3AF49BD3AA83D4D63261C390B1E6754CAFB1DB1E62EF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138249Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.029{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=71CC7D970B5DCF119A9E19BDA8AAD8D9,SHA256=3A553767313A05BB3EDD5FBF8A5B6345B6D486A7034D7385EFA2255FB4E0DE32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138248Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.029{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=5EACF3AFB3E145C611C1431B11999D3C,SHA256=3B8DD95254ECD1EEFC8F8EC0911367BC42C4985380E6DC673012905ED52E7180,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138247Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.029{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=B2129FFF48029F92AA0E5F8D97BC7B56,SHA256=E57FB49F1B36E978B80650A54028DAA7885749CFB120DA3968CA42989BFC5139,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138246Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.029{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=F1C12B19B4E095E8C5D39DBBDB0B4AD8,SHA256=4EFC8C31D3FB7912B953936DBF22A311A90EEE81A9C4B3EB07D1EE3B7BE966F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138245Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.029{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=4B0899BC1E31D782981A1AB6AD35F9E3,SHA256=417AEF7B31CFB264975CF0CFF280AA09473E9B70C3AECE10291CD574E1FD6B48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138244Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.029{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138243Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.029{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=4B0899BC1E31D782981A1AB6AD35F9E3,SHA256=417AEF7B31CFB264975CF0CFF280AA09473E9B70C3AECE10291CD574E1FD6B48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138242Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.029{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=464E149301F1AE03545E3A3361A2DE01,SHA256=EED7570FE47FF689B08C1066FDD8776FE7EF7716AE513C9CC06C02DBFC2AECBB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138241Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.028{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=094AE4F208EC419903EABDC5147E1F0C,SHA256=FBD3E1EE387248E032D4F58A1E96BECCC748A24D133063EC40EF7AF3B60AD789,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138240Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.026{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=6452E8512E826AE7365042E2BCD2294E,SHA256=D629839F705279BD0CF1D22EE4F8A03F669E8ABB770D3E4FDD80E335526007C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138239Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.024{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=621F5A717DCBBBB5C2E3D1B41A928ABE,SHA256=F7A266847658BEDB34B5B254D2504D8792CFE30C262849F3CED560916D314C64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138238Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.008{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138237Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.008{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=D6E513DC704214022029F0B94E84AD3F,SHA256=4E52E24CFFCF876558FB346D30F381CC9514943BC0922A966A91DFEC864C4216,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138236Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.008{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\ProgramData\Mozilla\updates\308046B0AF4A39CB\update-config.jsonMD5=FE74F5C38F433736EE7015868CFB159E,SHA256=3F7B3252EF3B6217AD78ADB7007738601CE1EEBCA69F55990B64BF254BD4FC63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138235Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.008{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=866E0D5F28A1EAFC9754671F15E1C6E9,SHA256=7FB67BD08BDC8822D1E058CC7840CFAB8E379045FB23305A2522864E90B34338,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138234Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.008{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=199F9F25872841F52322022D5D8FAC2F,SHA256=1AEA3CE8628301EA13C94F22ED561FD7B1DF258A53E8896F9A62562CC5E77045,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138233Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.008{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=DCCC29B3558681014CF9F2854A9F196D,SHA256=E7A743819E70CAC4C7DCBD89796F21CF4B0BEDC6FF4E5D83E8AB54C6471F0764,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138232Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.008{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=0AEC4F8DF24FE106D2283B5F549F689A,SHA256=5E0C6BC5B02B08EB17505C990C6B177F014B1F7BBE9964D1803DD741AC04D918,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138231Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.008{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=A7EB563FAC3D43483082D1F0AB2D2300,SHA256=8A1575CB609AE334AB2D9655DDDAA7C821443394B269D1952AF5CBC0167852DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138230Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.008{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=AED1D6F6EABFDF9AB050CA97673BD23F,SHA256=54876FD1F4F104C3ED8DD07F98C6A1468F9E7AAE591062BD0DA90F9230CAC67B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138229Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.008{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=1D18892BD55F4F10CA2A830F0317D998,SHA256=354D30561EBE4AA2518DCDCB145E93828A59A6A06D253F4F494AF1AFDBE26683,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138228Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.008{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=C3567A933E351FA63DD27B1E13D59DF4,SHA256=FF301DEB1C7A87CAF90131EAD815C6CEB9195220826D360FC46B285E4E18B54D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138227Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.008{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=A0B36AC3533618B1363048BD0DEBAF9E,SHA256=32FE0A2BF0F1F4B78E3F4E3F1DD19F62DAB7493E01795D27B74C242A0D6B6C2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138226Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.992{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=0A938EB651AE1DEE4F58EF9B3548DACC,SHA256=14E4199657067B3C107F818CBD8AD539B6C996C734DFB573071A9163A0E5B57C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138225Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.992{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=AAE1B6BE9B991B8AF638F64FF137A69E,SHA256=FD341E5195E181793F3EBB2AF95BF538440D028B2621439F7276AB3CDD313DE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138224Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.992{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=A82BD5338B2388802601924C1579241E,SHA256=8785C07A91B0BFD67012910EDE5C68F877818A66593765097AAB2338ED9EE58D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120728Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:36.246{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C51C4B07A171F195DDD19A567DB7BBE7,SHA256=B4B9751D46ED37A5E0EF71C397CA36AC7184FF692C311651F190AF4CBF943863,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.974{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ZJUI0E~1.DEF\cert9.db-journalMD5=9840A74D33914199209C7A57BD136400,SHA256=74238CABAA5CAA3854EA9C012E45E53E63BB0279433A60819CA9854CF89F5276,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000138519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.152{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64660-false34.120.115.102102.115.120.34.bc.googleusercontent.com443https 354300x8000000000000000138518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.151{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64659-false34.120.115.102102.115.120.34.bc.googleusercontent.com443https 354300x8000000000000000138517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.150{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64661-false18.66.97.122-443https 354300x8000000000000000138516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.149{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64584- 354300x8000000000000000138515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.149{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57515- 354300x8000000000000000138514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.129{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64658-false18.66.97.122-443https 354300x8000000000000000138513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.097{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64657-false18.66.97.122-443https 354300x8000000000000000138512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.034{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64656-false18.66.97.122-443https 354300x8000000000000000138511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.981{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64655-false18.66.97.122-443https 354300x8000000000000000138510Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.910{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64654-false18.66.97.122-443https 354300x8000000000000000138509Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.905{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64653-false143.204.201.188server-143-204-201-188.fra53.r.cloudfront.net443https 354300x8000000000000000138508Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.902{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60568- 354300x8000000000000000138507Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.902{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55394- 23542300x8000000000000000138506Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.775{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3B754B0A8ED733BC2D4AF5A650F274B8,SHA256=69C20BB44931383778617D3C72F927618D2C7BCBC984D2D06B0E46A255511E75,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138505Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.759{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+feccf0|C:\Program Files\Mozilla Firefox\xul.dll+fddacb|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f 10341000x8000000000000000138504Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.759{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b638f2|C:\Program Files\Mozilla Firefox\xul.dll+b7d7f3|C:\Program Files\Mozilla Firefox\xul.dll+b7d484|C:\Program Files\Mozilla Firefox\xul.dll+b7dcbc|C:\Program Files\Mozilla Firefox\xul.dll+f84252|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0|C:\Program Files\Mozilla Firefox\xul.dll+f1bb45|C:\Program Files\Mozilla Firefox\xul.dll+f1b6d4|C:\Program Files\Mozilla Firefox\xul.dll+f1b179 10341000x8000000000000000138503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.728{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b66218|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.728{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b638f2|C:\Program Files\Mozilla Firefox\xul.dll+b7d7f3|C:\Program Files\Mozilla Firefox\xul.dll+b7d484|C:\Program Files\Mozilla Firefox\xul.dll+b7dcbc|C:\Program Files\Mozilla Firefox\xul.dll+f84252|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0|C:\Program Files\Mozilla Firefox\xul.dll+f1bb45|C:\Program Files\Mozilla Firefox\xul.dll+f1b6d4|C:\Program Files\Mozilla Firefox\xul.dll+f1b179 10341000x8000000000000000138501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.728{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b638f2|C:\Program Files\Mozilla Firefox\xul.dll+b7d7f3|C:\Program Files\Mozilla Firefox\xul.dll+b7d484|C:\Program Files\Mozilla Firefox\xul.dll+b7dcbc|C:\Program Files\Mozilla Firefox\xul.dll+f84252|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0|C:\Program Files\Mozilla Firefox\xul.dll+f1bb45|C:\Program Files\Mozilla Firefox\xul.dll+f1b6d4|C:\Program Files\Mozilla Firefox\xul.dll+f1b179 10341000x8000000000000000138500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.728{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+f841c8|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0 10341000x8000000000000000138499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.728{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+f841c8|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0 23542300x8000000000000000138498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.690{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\formhistory.sqlite-journalMD5=E8CE4888B0BBBF9BE81BF204E19D230F,SHA256=DF40D2ABEA1A74EFACA064067658BCA67DCE81B11A66E759F2A583DA3356339A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.690{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\formhistory.sqlite-journalMD5=17EE072B7F53F1F811BBA13115CAD0AE,SHA256=1F0BB497F176378EF549B140AEC0FD0C942C76D1D959413DBFE78BFADD6DCE6D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.690{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+f841c8|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0 23542300x8000000000000000138495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.659{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.606{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1ccb6 22542200x8000000000000000138493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.906{6EDEAD03-61B3-615D-D602-00000000FC01}1892dzlgdtxcws9pb.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.902{6EDEAD03-61B3-615D-D602-00000000FC01}1892dzlgdtxcws9pb.cloudfront.net0143.204.201.188;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.902{6EDEAD03-61B3-615D-D602-00000000FC01}1892www.firefox.com0type: 5 fxc-prod.moz.works;type: 5 dzlgdtxcws9pb.cloudfront.net;::ffff:143.204.201.188;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000138490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.891{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local65047- 354300x8000000000000000138489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.890{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64652-false35.227.207.240240.207.227.35.bc.googleusercontent.com443https 354300x8000000000000000138488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.865{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64651-false18.66.97.122-443https 354300x8000000000000000138487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.847{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64650-false18.66.97.122-443https 354300x8000000000000000138486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.818{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64649-false18.66.97.122-443https 354300x8000000000000000138485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.800{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64648-false18.66.97.122-443https 354300x8000000000000000138484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.749{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64647-false18.66.97.122-443https 354300x8000000000000000138483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.737{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64646-false18.66.97.89-443https 354300x8000000000000000138482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.737{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56919- 354300x8000000000000000138481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.736{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59404- 354300x8000000000000000138480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.731{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63965- 354300x8000000000000000138479Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.723{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64645-false13.225.87.20server-13-225-87-20.fra2.r.cloudfront.net443https 354300x8000000000000000138478Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.722{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63864- 354300x8000000000000000138477Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.682{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-53480-true2001:dc3:0:0:0:0:0:35-53domain 354300x8000000000000000138476Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.559{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64644-false93.184.220.29-80http 354300x8000000000000000138475Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.505{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64643-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000138474Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.473{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-64609- 354300x8000000000000000138473Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.473{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-63917- 354300x8000000000000000138472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.473{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-56250- 354300x8000000000000000138471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.466{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64641-false34.215.244.109ec2-34-215-244-109.us-west-2.compute.amazonaws.com443https 354300x8000000000000000138470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.440{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56250- 354300x8000000000000000138469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.440{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54950- 354300x8000000000000000138468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.440{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63917- 354300x8000000000000000138467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.439{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64609- 354300x8000000000000000138466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.438{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57356- 354300x8000000000000000138465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.438{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55492- 354300x8000000000000000138464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.438{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59684- 354300x8000000000000000138463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.437{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57754- 354300x8000000000000000138462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.437{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60407- 354300x8000000000000000138461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.428{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64642-false35.227.207.240240.207.227.35.bc.googleusercontent.com443https 354300x8000000000000000138460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.427{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local62532- 354300x8000000000000000138459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.426{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55325- 354300x8000000000000000138458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.423{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58830- 354300x8000000000000000138457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.391{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64640-false34.214.179.131ec2-34-214-179-131.us-west-2.compute.amazonaws.com443https 354300x8000000000000000138456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.380{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64639-false44.236.48.31ec2-44-236-48-31.us-west-2.compute.amazonaws.com443https 354300x8000000000000000138455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.318{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55466- 354300x8000000000000000138454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.318{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60403- 23542300x8000000000000000138453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.259{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79AC4477E2970BC392CA6EE2C06BAA33,SHA256=F60321C514AA14FE327F25EF910218230B41896C77B93C9E73E625C627145C0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.206{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\search.json.mozlz4MD5=EDC2299EBA84E99AF7C7438ECB7A6CF4,SHA256=CF230F5192B5F53B410CB948B49A0BE09FAD7E80B9125E0D4F348C12C12BC9B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.124{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000138450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.316{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63678- 354300x8000000000000000138449Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.248{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58737- 354300x8000000000000000138448Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.248{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55157- 354300x8000000000000000138447Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.245{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63501- 354300x8000000000000000138446Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.229{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61986- 354300x8000000000000000138445Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.227{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64638-false34.98.75.3636.75.98.34.bc.googleusercontent.com443https 354300x8000000000000000138444Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.223{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local65196- 354300x8000000000000000138443Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.223{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54110- 354300x8000000000000000138442Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.184{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64637-false52.222.214.12server-52-222-214-12.fra56.r.cloudfront.net443https 354300x8000000000000000138441Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.182{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local62879- 354300x8000000000000000138440Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:34.170{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60192- 354300x8000000000000000120730Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:35.756{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50599-false10.0.1.12-8000- 23542300x8000000000000000120729Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:37.262{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C22C0FEF0C69B3C9EEF4C31B1C04076,SHA256=043EE4AACF05E973D36006776802C9E966EF14FBA39167683C0A16E8B7C1390F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.781{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-61B9-615D-E102-00000000FC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.778{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.778{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.777{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.777{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.777{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-61B9-615D-E102-00000000FC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000138545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.777{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-61B9-615D-E102-00000000FC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000138544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.777{6EDEAD03-61B9-615D-E102-00000000FC01}5564C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000138543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.449{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE744A0D7B7FB9B0396417C617EF3BEB,SHA256=9E96E0D6CE6FE2FF8C4D06A747E2F0AD713186176136B8ABE57983118474A9D8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000138542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.487{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-63202- 354300x8000000000000000138541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.487{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-54106- 354300x8000000000000000138540Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.487{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-62620- 354300x8000000000000000138539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.487{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-63103- 354300x8000000000000000138538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.487{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-54107- 354300x8000000000000000138537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.487{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-64676- 354300x8000000000000000138536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.453{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63202- 354300x8000000000000000138535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.452{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54108- 354300x8000000000000000138534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.452{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54107- 354300x8000000000000000138533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.452{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63103- 354300x8000000000000000138532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.451{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57382- 354300x8000000000000000138531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.451{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56883- 354300x8000000000000000138530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.451{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54106- 354300x8000000000000000138529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.451{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local62620- 354300x8000000000000000138528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.450{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64676- 354300x8000000000000000138527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.300{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64668-false18.66.97.122-443https 354300x8000000000000000138526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.285{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64667-false18.66.97.122-443https 354300x8000000000000000138525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.248{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64666-false18.66.97.122-443https 354300x8000000000000000138524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.232{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64665-false18.66.97.122-443https 354300x8000000000000000138523Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.213{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64664-false18.66.97.122-443https 354300x8000000000000000138522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.198{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64662-false2.22.117.227a2-22-117-227.deploy.static.akamaitechnologies.com80http 354300x8000000000000000138521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.195{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64663-false18.66.97.122-443https 23542300x8000000000000000120731Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:38.340{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C4F68A2386C0786A1C25BA451EA2E45,SHA256=9AB66673A426691725A21BAFF3D7BC2E7389E4A115CDFDD7F84BBFD87F68AC6F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000138631Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.112{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63623- 354300x8000000000000000138630Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.111{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56218- 354300x8000000000000000138629Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.109{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local65064- 354300x8000000000000000138628Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.109{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64615- 354300x8000000000000000138627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.109{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local62159- 354300x8000000000000000138626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.109{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54346- 354300x8000000000000000138625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.108{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54386- 354300x8000000000000000138624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.108{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58401- 354300x8000000000000000138623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.106{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58416- 354300x8000000000000000138622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.106{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local62329- 23542300x8000000000000000138621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.804{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0C6D784BECBF63914AF4BEFEC8C853AF,SHA256=A8EF24A66F7A9F192449FF58EC24E47EFC382226917F1ABB4240A9F703C6BB69,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.757{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+27cf1b8|C:\Program Files\Mozilla Firefox\xul.dll+27c04fc|C:\Program Files\Mozilla Firefox\xul.dll+c07a31|C:\Program Files\Mozilla Firefox\xul.dll+27b74bd|C:\Program Files\Mozilla Firefox\xul.dll+c0ed76|C:\Program Files\Mozilla Firefox\xul.dll+c07efb|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+c09b18|C:\Program Files\Mozilla Firefox\xul.dll+27b872e|C:\Program Files\Mozilla Firefox\xul.dll+27b84c4|C:\Program Files\Mozilla Firefox\xul.dll+c0ffd2|C:\Program Files\Mozilla Firefox\xul.dll+c09d79 10341000x8000000000000000138619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.752{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b66218|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.729{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+27cf1b8|C:\Program Files\Mozilla Firefox\xul.dll+27c04fc|C:\Program Files\Mozilla Firefox\xul.dll+c07a31|C:\Program Files\Mozilla Firefox\xul.dll+27b74bd|C:\Program Files\Mozilla Firefox\xul.dll+c0ed76|C:\Program Files\Mozilla Firefox\xul.dll+c07efb|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+c09b18|C:\Program Files\Mozilla Firefox\xul.dll+27b872e|C:\Program Files\Mozilla Firefox\xul.dll+27b84c4|C:\Program Files\Mozilla Firefox\xul.dll+c0ffd2|C:\Program Files\Mozilla Firefox\xul.dll+c09d79 10341000x8000000000000000138617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.728{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+27cf1b8|C:\Program Files\Mozilla Firefox\xul.dll+27c04fc|C:\Program Files\Mozilla Firefox\xul.dll+c07a31|C:\Program Files\Mozilla Firefox\xul.dll+27b74bd|C:\Program Files\Mozilla Firefox\xul.dll+c0ed76|C:\Program Files\Mozilla Firefox\xul.dll+c07efb|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+c09b18|C:\Program Files\Mozilla Firefox\xul.dll+27b872e|C:\Program Files\Mozilla Firefox\xul.dll+27b84c4|C:\Program Files\Mozilla Firefox\xul.dll+c0ffd2|C:\Program Files\Mozilla Firefox\xul.dll+c09d79 10341000x8000000000000000138616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.718{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.717{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.712{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.712{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.711{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.711{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.705{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.705{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.704{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138607Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.704{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138606Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.703{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138605Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.703{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138604Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.702{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000138603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.597{6EDEAD03-61B3-615D-D602-00000000FC01}1892gstaticadssl.l.google.com02a00:1450:4001:801::2003;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.585{6EDEAD03-61B3-615D-D602-00000000FC01}1892gstaticadssl.l.google.com0142.250.186.99;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.701{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000138600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.116{6EDEAD03-61B3-615D-D602-00000000FC01}1892reddit.map.fastly.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138599Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.115{6EDEAD03-61B3-615D-D602-00000000FC01}1892dyna.wikimedia.org02620:0:862:ed1a::1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138598Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.114{6EDEAD03-61B3-615D-D602-00000000FC01}1892reddit.map.fastly.net0151.101.13.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138597Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.113{6EDEAD03-61B3-615D-D602-00000000FC01}1892www.reddit.com0type: 5 reddit.map.fastly.net;::ffff:151.101.13.140;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138596Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.113{6EDEAD03-61B3-615D-D602-00000000FC01}1892star-mini.c10r.facebook.com02a03:2880:f11c:8183:face:b00c:0:25de;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138595Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.113{6EDEAD03-61B3-615D-D602-00000000FC01}1892dyna.wikimedia.org091.198.174.192;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138594Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.113{6EDEAD03-61B3-615D-D602-00000000FC01}1892www.wikipedia.org0type: 5 dyna.wikimedia.org;::ffff:91.198.174.192;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138593Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.112{6EDEAD03-61B3-615D-D602-00000000FC01}1892star-mini.c10r.facebook.com0157.240.20.35;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138592Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.112{6EDEAD03-61B3-615D-D602-00000000FC01}1892www-amazon-de.customer.fastly.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138591Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.111{6EDEAD03-61B3-615D-D602-00000000FC01}1892www.facebook.com0type: 5 star-mini.c10r.facebook.com;::ffff:157.240.20.35;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138590Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.111{6EDEAD03-61B3-615D-D602-00000000FC01}1892youtube-ui.l.google.com02a00:1450:4001:830::200e;2a00:1450:4001:800::200e;2a00:1450:4001:801::200e;2a00:1450:4001:80e::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138589Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.110{6EDEAD03-61B3-615D-D602-00000000FC01}1892e11847.g.akamaiedge.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138588Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.109{6EDEAD03-61B3-615D-D602-00000000FC01}1892www-amazon-de.customer.fastly.net0162.219.224.163;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138587Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.109{6EDEAD03-61B3-615D-D602-00000000FC01}1892youtube-ui.l.google.com0172.217.23.110;142.250.185.78;142.250.185.110;142.250.185.142;142.250.185.174;142.250.185.206;142.250.185.238;142.250.184.238;142.250.181.238;172.217.16.142;216.58.212.174;142.250.74.206;142.250.186.142;142.250.186.174;172.217.18.110;142.250.184.206;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138586Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.109{6EDEAD03-61B3-615D-D602-00000000FC01}1892e11847.g.akamaiedge.net023.210.254.92;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138585Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.109{6EDEAD03-61B3-615D-D602-00000000FC01}1892www.amazon.de0type: 5 tp.abe2c2f23-frontier.amazon.de;type: 5 www-amazon-de.customer.fastly.net;::ffff:162.219.224.163;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138584Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.108{6EDEAD03-61B3-615D-D602-00000000FC01}1892www.youtube.com0type: 5 youtube-ui.l.google.com;::ffff:142.250.184.206;::ffff:172.217.23.110;::ffff:142.250.185.78;::ffff:142.250.185.110;::ffff:142.250.185.142;::ffff:142.250.185.174;::ffff:142.250.185.206;::ffff:142.250.185.238;::ffff:142.250.184.238;::ffff:142.250.181.238;::ffff:172.217.16.142;::ffff:216.58.212.174;::ffff:142.250.74.206;::ffff:142.250.186.142;::ffff:142.250.186.174;::ffff:172.217.18.110;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138583Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.108{6EDEAD03-61B3-615D-D602-00000000FC01}1892www.ebay.de0type: 5 slot11847.ebay.com.edgekey.net;type: 5 e11847.g.akamaiedge.net;::ffff:23.210.254.92;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138582Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.178{6EDEAD03-61B3-615D-D602-00000000FC01}1892www.google.com02a00:1450:4001:828::2004;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138581Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.177{6EDEAD03-61B3-615D-D602-00000000FC01}1892www.google.com0142.250.181.228;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138580Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.176{6EDEAD03-61B3-615D-D602-00000000FC01}1892www.google.com0::ffff:142.250.181.228;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000138579Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.824{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-52069-true2001:500:12:0:0:0:0:d0dG.ROOT-SERVERS.NET53domain 354300x8000000000000000138578Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.759{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-51864-true2001:500:2:0:0:0:0:cc.root-servers.net53domain 23542300x8000000000000000138577Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.468{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B6ADB62FBEA75529A16B8C30C393618,SHA256=03DB7BDCA9E42956FCED2A6E9B5A03535707FFD8DFB92489FE9929B27EBA72B3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000138576Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.567{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64672-false142.250.186.131fra24s07-in-f3.1e100.net80http 354300x8000000000000000138575Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.551{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local56221-false142.250.181.228fra16s56-in-f4.1e100.net443https 354300x8000000000000000138574Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.336{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64671-false142.250.181.228fra16s56-in-f4.1e100.net443https 354300x8000000000000000138573Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.199{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64670-false142.250.186.131fra24s07-in-f3.1e100.net80http 354300x8000000000000000138572Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.198{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56220- 354300x8000000000000000138571Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.198{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60220- 354300x8000000000000000138570Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.196{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61452- 354300x8000000000000000138569Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.178{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64669-false142.250.181.228fra16s56-in-f4.1e100.net443https 354300x8000000000000000138568Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:36.175{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56215- 354300x8000000000000000138567Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.752{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-53346-true2001:500:200:0:0:0:0:b-53domain 354300x8000000000000000138566Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.717{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-53924-true2001:7fd:0:0:0:0:0:1-53domain 354300x8000000000000000138565Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:35.699{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-53510-true2001:7fe:0:0:0:0:0:53-53domain 10341000x8000000000000000138564Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.305{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138563Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.278{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0 10341000x8000000000000000138562Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.278{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0 10341000x8000000000000000138561Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.277{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0 10341000x8000000000000000138560Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.276{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138559Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.266{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.265{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.253{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.205{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\protections.sqlite-journalMD5=1CBB7A250E5348CBAEFC0F1DAAA81714,SHA256=D433D2B53418843BBFB94D25037187F67152BD0728D4753AB271818C592E5F84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.197{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\protections.sqlite-journalMD5=A50D63D0E8272C19F7F7990A19A0F915,SHA256=8303A9269161E6FB6A3B775DC33562EB3D48AF269FD354101AE3BE8084E525F4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.178{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B7-615D-DF02-00000000FC01}5448C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f710|C:\Program Files\Mozilla Firefox\xul.dll+e5ba99|C:\Program Files\Mozilla Firefox\xul.dll+e57449|C:\Program Files\Mozilla Firefox\xul.dll+e57eaf|C:\Program Files\Mozilla Firefox\xul.dll+e46dcd|C:\Program Files\Mozilla Firefox\xul.dll+40473d3|C:\Program Files\Mozilla Firefox\xul.dll+22a7511|C:\Program Files\Mozilla Firefox\xul.dll+9e8340|C:\Program Files\Mozilla Firefox\xul.dll+9ad911|C:\Program Files\Mozilla Firefox\xul.dll+1a043d|C:\Program Files\Mozilla Firefox\xul.dll+9eb417|C:\Program Files\Mozilla Firefox\xul.dll+9b5d19|C:\Program Files\Mozilla Firefox\xul.dll+9b8b41|C:\Program Files\Mozilla Firefox\xul.dll+9b790e|C:\Program Files\Mozilla Firefox\xul.dll+9b6c6e|C:\Program Files\Mozilla Firefox\xul.dll+9c0cf4|C:\Program Files\Mozilla Firefox\xul.dll+9076f4|C:\Program Files\Mozilla Firefox\xul.dll+8a6037|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f 23542300x8000000000000000138553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.095{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\formhistory.sqlite-journalMD5=17A724A8ACF5E96C943C5C3DCA999E04,SHA256=53652D44C9E8C8AAFA919EB3637E4F911C6C9D577590BD0A3480BC31FBAE724D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:38.084{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0 23542300x8000000000000000138704Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.622{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D9BB61CA9168F2DAEE670E513BF5D51,SHA256=C192B2D767B4C5ABAE26BCA742D349B12CC2E898574F49B6CD1BC455960A84FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120732Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:39.355{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F657A23C76533F1464B4F4673E7777CD,SHA256=560016CE8CA06D4DAE3F9D653C5E491D2D85E59FF9704004AB258F75D6139B93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138703Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.385{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C25A3F2E4AD9B3603000D89DD0113F0,SHA256=DE1C6FD00CED1CDEA0E3FE90543561389CE61FE7F83CE084D1EC62F49A27B3ED,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000138702Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.639{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local56775-false142.250.186.99fra24s06-in-f3.1e100.net443https 354300x8000000000000000138701Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.618{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local56774-false142.250.184.195fra24s11-in-f3.1e100.net443https 354300x8000000000000000138700Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.605{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64676-false142.250.186.131fra24s07-in-f3.1e100.net80http 354300x8000000000000000138699Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.586{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64675-false142.250.186.99fra24s06-in-f3.1e100.net443https 354300x8000000000000000138698Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.586{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64674-false142.250.184.195fra24s11-in-f3.1e100.net443https 354300x8000000000000000138697Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.585{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56773- 354300x8000000000000000138696Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.584{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local62667- 354300x8000000000000000138695Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.584{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local62470- 354300x8000000000000000138694Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.584{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63322- 354300x8000000000000000138693Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.583{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57812- 354300x8000000000000000138692Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.582{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59857- 354300x8000000000000000138691Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.499{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-54164- 354300x8000000000000000138690Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.499{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-54108- 354300x8000000000000000138689Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.498{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-54259- 354300x8000000000000000138688Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.474{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54164- 354300x8000000000000000138687Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.473{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56732- 354300x8000000000000000138686Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.473{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56193- 354300x8000000000000000138685Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.473{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54259- 354300x8000000000000000138684Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.412{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64673-false142.250.181.228fra16s56-in-f4.1e100.net443https 354300x8000000000000000138683Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.403{6EDEAD03-5024-615D-0100-00000000FC01}4SystemNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.255-137netbios-nsfalse10.0.1.14win-dc-676.attackrange.local137netbios-ns 354300x8000000000000000138682Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.403{6EDEAD03-5024-615D-0100-00000000FC01}4SystemNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-676.attackrange.local137netbios-nsfalse10.0.1.255-137netbios-ns 354300x8000000000000000138681Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.403{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-60476- 354300x8000000000000000138680Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.402{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60476- 354300x8000000000000000138679Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.114{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55906- 354300x8000000000000000138678Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.113{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56864- 354300x8000000000000000138677Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.113{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58177- 354300x8000000000000000138676Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.112{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60117- 354300x8000000000000000138675Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:37.112{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63667- 10341000x8000000000000000138674Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.288{6EDEAD03-61B3-615D-D602-00000000FC01}18923408C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a0b461|C:\Program Files\Mozilla Firefox\xul.dll+a6c6e5|C:\Program Files\Mozilla Firefox\xul.dll+d0281|C:\Program Files\Mozilla Firefox\xul.dll+19d6412|C:\Program Files\Mozilla Firefox\xul.dll+1747b79|C:\Program Files\Mozilla Firefox\xul.dll+167b2d9|C:\Program Files\Mozilla Firefox\xul.dll+26742|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+8b45d7|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138673Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.277{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138672Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.276{6EDEAD03-5041-615D-1000-00000000FC01}3761736C:\Windows\system32\svchost.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138671Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.261{6EDEAD03-503F-615D-0B00-00000000FC01}624788C:\Windows\system32\lsass.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138670Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.261{6EDEAD03-503F-615D-0B00-00000000FC01}624788C:\Windows\system32\lsass.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138669Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.253{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4efc8|C:\Program Files\Mozilla Firefox\xul.dll+a12d37|C:\Program Files\Mozilla Firefox\xul.dll+a5b7d9|C:\Program Files\Mozilla Firefox\xul.dll+e50238|C:\Program Files\Mozilla Firefox\xul.dll+19e1f56|C:\Program Files\Mozilla Firefox\xul.dll+19d6412|C:\Program Files\Mozilla Firefox\xul.dll+19ae344|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000138668Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:39.253{6EDEAD03-61B3-615D-D602-00000000FC01}1892\cubeb-pipe-1892-4C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000138667Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:39.253{6EDEAD03-61B3-615D-D602-00000000FC01}1892\cubeb-pipe-1892-4C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000138666Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.250{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD91D18E5FB1E88DB0F657EED3354AF5,SHA256=AE114638A5D7BD5A9783B1F76AADCEC01664BB425B93A76456FD8D16F7EA5604,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138665Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.235{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138664Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.233{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000138663Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:39.233{6EDEAD03-61B5-615D-D902-00000000FC01}1040\chrome.1892.10.25275766C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138662Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.233{6EDEAD03-61B3-615D-D602-00000000FC01}18921972C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+1b80fc|C:\Program Files\Mozilla Firefox\xul.dll+a15446|C:\Program Files\Mozilla Firefox\xul.dll+a0ffef|C:\Program Files\Mozilla Firefox\xul.dll+19ce81f|C:\Program Files\Mozilla Firefox\xul.dll+19cd1ec|C:\Program Files\Mozilla Firefox\xul.dll+13c95|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+13378|C:\Program Files\Mozilla Firefox\xul.dll+9f2211|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000138661Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:39.233{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.10.25275766C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000138660Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:39.232{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.9.57621377C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138659Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.230{6EDEAD03-61B3-615D-D602-00000000FC01}18926100C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+13527b|C:\Program Files\Mozilla Firefox\xul.dll+12239ed|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000138658Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:43:39.230{6EDEAD03-61B3-615D-D602-00000000FC01}1892\gecko-crash-server-pipe.1892C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138657Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.195{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2f710|C:\Program Files\Mozilla Firefox\xul.dll+e5ba99|C:\Program Files\Mozilla Firefox\xul.dll+e57449|C:\Program Files\Mozilla Firefox\xul.dll+e49022|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138656Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.195{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138655Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.195{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138654Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.195{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138653Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.194{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138652Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.194{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138651Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.194{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138650Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.194{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138649Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.194{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138648Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.194{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138647Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.194{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138646Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.194{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138645Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.194{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138644Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.194{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a5a8dd|C:\Program Files\Mozilla Firefox\xul.dll+a4fe8a|C:\Program Files\Mozilla Firefox\xul.dll+a4fd44|C:\Program Files\Mozilla Firefox\xul.dll+8ef13e|C:\Program Files\Mozilla Firefox\xul.dll+e48d30|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d 10341000x8000000000000000138643Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.194{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+a026ef|C:\Program Files\Mozilla Firefox\xul.dll+a4ff28|C:\Program Files\Mozilla Firefox\xul.dll+e5acd8|C:\Program Files\Mozilla Firefox\xul.dll+e48ccc|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000138642Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.194{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+e48c43|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138641Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.193{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+c2e55|C:\Program Files\Mozilla Firefox\xul.dll+e4891a|C:\Program Files\Mozilla Firefox\xul.dll+362c4d4|C:\Program Files\Mozilla Firefox\xul.dll+362c440|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167bf03|C:\Program Files\Mozilla Firefox\xul.dll+19d7726|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138640Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.193{6EDEAD03-61B3-615D-D602-00000000FC01}18921972C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+a0942f|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+166d71b|C:\Program Files\Mozilla Firefox\xul.dll+19cd045|C:\Program Files\Mozilla Firefox\xul.dll+13c95|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+13378|C:\Program Files\Mozilla Firefox\xul.dll+9f2211|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138639Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.188{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138638Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.188{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138637Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.188{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138636Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.188{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138635Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.188{6EDEAD03-538E-615D-FD00-00000000FC01}1001332C:\Windows\system32\csrss.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000138634Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.187{6EDEAD03-61B3-615D-D602-00000000FC01}18925908C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+2f07d|C:\Program Files\Mozilla Firefox\firefox.exe+2e285|C:\Program Files\Mozilla Firefox\xul.dll+1fd1d9a|C:\Program Files\Mozilla Firefox\xul.dll+a04e9a|C:\Program Files\Mozilla Firefox\xul.dll+a03065|C:\Program Files\Mozilla Firefox\xul.dll+a0a25e|C:\Program Files\Mozilla Firefox\xul.dll+8b1df0|C:\Program Files\Mozilla Firefox\xul.dll+167b2d9|C:\Program Files\Mozilla Firefox\xul.dll+2680a|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+8b45d7|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000138633Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.188{6EDEAD03-61BB-615D-E202-00000000FC01}4144C:\Program Files\Mozilla Firefox\firefox.exe92.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1892.9.576213774\1671980155" -childID 5 -isForBrowser -prefsHandle 8604 -prefMapHandle 8608 -prefsLen 11555 -prefMapSize 235910 -jsInit 1128 285716 -parentBuildID 20210922161155 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1892 "\\.\pipe\gecko-crash-server-pipe.1892" 4628 1daea8e3f38 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372LowMD5=DBDB3EFACC3D9039A4F5703662099178,SHA256=534A44A08893AFBE78E04B4CFF80BD00BFC40562A923E8AF38E240227A643FFB,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000138632Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:39.179{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.9.57621377C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138717Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.467{6EDEAD03-61B3-615D-D602-00000000FC01}1892consent.google.de02a00:1450:4001:828::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138716Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.465{6EDEAD03-61B3-615D-D602-00000000FC01}1892consent.google.de0142.250.186.110;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138715Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.464{6EDEAD03-61B3-615D-D602-00000000FC01}1892consent.google.de0::ffff:142.250.186.110;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138714Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.385{6EDEAD03-61B3-615D-D602-00000000FC01}1892consent.google.com02a00:1450:4001:831::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138713Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.384{6EDEAD03-61B3-615D-D602-00000000FC01}1892consent.google.com0216.58.212.174;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138712Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.383{6EDEAD03-61B3-615D-D602-00000000FC01}1892consent.google.com0::ffff:216.58.212.174;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000138711Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.637{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=21350CD48462CCC4D82988915F95BF3D,SHA256=835A657B6769468D30417843BF4C9637031CC47C16A6DD61B1892B866C6DD6C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120733Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:40.355{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C52B4660DA9097AB668A02047D582A4,SHA256=A04DCB4347E299911DF05D016B059005A60D8EE93A5760460F54D7BE644D5E61,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138710Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.187{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FE2ED82E580E0A1669FB8D7DB1CD5DD9,SHA256=DEC3B7D157A23EA8E71FAD8CCEA56BA6478947293A4AE36F8BE2CF9ED9A0BB17,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138709Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.081{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138708Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.075{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138707Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.074{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138706Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.073{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138705Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.053{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=06DE50CB535C728A291376EDD341DCD8,SHA256=A5EEBB2B33D7F4CB044E408C3636F20316A1A71EFD5E7108F6FED8AD0E98CF4F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138788Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.928{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0 10341000x8000000000000000138787Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.896{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b638f2|C:\Program Files\Mozilla Firefox\xul.dll+316525|C:\Program Files\Mozilla Firefox\xul.dll+fc0875|C:\Program Files\Mozilla Firefox\xul.dll+c04c94|C:\Program Files\Mozilla Firefox\xul.dll+315ded|C:\Program Files\Mozilla Firefox\xul.dll+39de3b|C:\Program Files\Mozilla Firefox\xul.dll+39d63d|C:\Program Files\Mozilla Firefox\xul.dll+bef9ba|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573 354300x8000000000000000138786Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.150{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64720- 354300x8000000000000000138785Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.120{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64682-false142.250.181.226fra16s56-in-f2.1e100.net443https 354300x8000000000000000138784Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.119{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60798- 354300x8000000000000000138783Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.116{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56350- 354300x8000000000000000138782Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.949{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local61698-false142.250.185.98fra16s49-in-f2.1e100.net443https 10341000x8000000000000000138781Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.833{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b66218|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138780Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.826{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+c0dc1b|C:\Program Files\Mozilla Firefox\xul.dll+c069d2|C:\Program Files\Mozilla Firefox\xul.dll+27b74bd|C:\Program Files\Mozilla Firefox\xul.dll+c0ed76|C:\Program Files\Mozilla Firefox\xul.dll+c07efb|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+c09b18|C:\Program Files\Mozilla Firefox\xul.dll+27b872e|C:\Program Files\Mozilla Firefox\xul.dll+27b84c4|C:\Program Files\Mozilla Firefox\xul.dll+c0ffd2|C:\Program Files\Mozilla Firefox\xul.dll+c09d79|C:\Program Files\Mozilla Firefox\xul.dll+39a61b 10341000x8000000000000000138779Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.826{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+c0dc1b|C:\Program Files\Mozilla Firefox\xul.dll+c069d2|C:\Program Files\Mozilla Firefox\xul.dll+27b74bd|C:\Program Files\Mozilla Firefox\xul.dll+c0ed76|C:\Program Files\Mozilla Firefox\xul.dll+c07efb|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+c09b18|C:\Program Files\Mozilla Firefox\xul.dll+27b872e|C:\Program Files\Mozilla Firefox\xul.dll+27b84c4|C:\Program Files\Mozilla Firefox\xul.dll+c0ffd2|C:\Program Files\Mozilla Firefox\xul.dll+c09d79|C:\Program Files\Mozilla Firefox\xul.dll+39a61b 10341000x8000000000000000138778Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.825{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+c0dc1b|C:\Program Files\Mozilla Firefox\xul.dll+c069d2|C:\Program Files\Mozilla Firefox\xul.dll+27b74bd|C:\Program Files\Mozilla Firefox\xul.dll+c0ed76|C:\Program Files\Mozilla Firefox\xul.dll+c07efb|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+c09b18|C:\Program Files\Mozilla Firefox\xul.dll+27b872e|C:\Program Files\Mozilla Firefox\xul.dll+27b84c4|C:\Program Files\Mozilla Firefox\xul.dll+c0ffd2|C:\Program Files\Mozilla Firefox\xul.dll+c09d79|C:\Program Files\Mozilla Firefox\xul.dll+39a61b 10341000x8000000000000000138777Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.806{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138776Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.805{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138775Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.805{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138774Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.804{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138773Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.804{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138772Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.804{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138771Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.804{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138770Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.803{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138769Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.803{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138768Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.802{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138767Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.802{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138766Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.773{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138765Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.773{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138764Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.773{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138763Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.772{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000138762Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.751{6EDEAD03-61B3-615D-D602-00000000FC01}1892part-0017.t-0009.t-msedge.net02620:1ec:bdf::45;2620:1ec:46::45;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138761Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.749{6EDEAD03-61B3-615D-D602-00000000FC01}1892part-0017.t-0009.t-msedge.net013.107.213.45;13.107.246.45;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138760Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.748{6EDEAD03-61B3-615D-D602-00000000FC01}1892js.monitor.azure.com0type: 5 aijscdn2.azureedge.net;type: 5 aijscdn2.afd.azureedge.net;type: 5 firstparty-azurefd-prod.trafficmanager.net;type: 5 dual.part-0017.t-0009.t-msedge.net;type: 5 part-0017.t-0009.t-msedge.net;::ffff:13.107.246.45;::ffff:13.107.213.45;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138759Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.734{6EDEAD03-61B3-615D-D602-00000000FC01}1892github.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138758Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.732{6EDEAD03-61B3-615D-D602-00000000FC01}1892github.com0140.82.121.3;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138757Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.732{6EDEAD03-61B3-615D-D602-00000000FC01}1892github.com0::ffff:140.82.121.3;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138756Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.621{6EDEAD03-61B3-615D-D602-00000000FC01}1892e13630.dscb.akamaiedge.net02a02:26f0:1700:195::353e;2a02:26f0:1700:1b0::353e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138755Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.618{6EDEAD03-61B3-615D-D602-00000000FC01}1892e13630.dscb.akamaiedge.net0104.111.246.93;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138754Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.118{6EDEAD03-61B3-615D-D602-00000000FC01}1892adservice.google.de0type: 5 pagead46.l.doubleclick.net;::ffff:142.250.181.226;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138753Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.854{6EDEAD03-61B3-615D-D602-00000000FC01}1892plus.l.google.com02a00:1450:4001:809::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138752Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.846{6EDEAD03-61B3-615D-D602-00000000FC01}1892plus.l.google.com0142.250.185.174;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138751Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.842{6EDEAD03-61B3-615D-D602-00000000FC01}1892apis.google.com0type: 5 plus.l.google.com;::ffff:142.250.185.174;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138750Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.783{6EDEAD03-61B3-615D-D602-00000000FC01}1892consent.youtube.com02a00:1450:4001:830::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138749Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.780{6EDEAD03-61B3-615D-D602-00000000FC01}1892consent.youtube.com0142.250.185.78;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138748Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.779{6EDEAD03-61B3-615D-D602-00000000FC01}1892consent.youtube.com0::ffff:142.250.185.78;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138747Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.665{6EDEAD03-61B3-615D-D602-00000000FC01}1892sdelete.9002-C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000138746Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.691{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3543EC00112E77F312E86CFDC4DE9ED4,SHA256=6D23AD4FC170F45A48C6C251E7AF9C4107F88118500F8080846A8ECBDE25D8FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120734Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:41.355{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DCBF501CF4CA39A7F14C4C71B9B010E,SHA256=6825B362EA09479AD904768A8538C1313CD3677594E41A23F5B04A727AEDAA41,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000138745Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.911{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64681-false142.250.185.98fra16s49-in-f2.1e100.net443https 354300x8000000000000000138744Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.905{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61697- 354300x8000000000000000138743Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.905{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59517- 354300x8000000000000000138742Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.902{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63569- 354300x8000000000000000138741Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.882{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local57119-false142.250.185.174fra16s51-in-f14.1e100.net443https 354300x8000000000000000138740Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.848{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64680-false142.250.185.174fra16s51-in-f14.1e100.net443https 354300x8000000000000000138739Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.846{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57118- 354300x8000000000000000138738Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.845{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59892- 354300x8000000000000000138737Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.839{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61112- 354300x8000000000000000138736Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.832{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local55539-false142.250.185.78fra16s48-in-f14.1e100.net443https 354300x8000000000000000138735Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.821{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-53924-true2001:503:c27:0:0:0:2:30j.root-servers.net53domain 354300x8000000000000000138734Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.781{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64679-false142.250.185.78fra16s48-in-f14.1e100.net443https 354300x8000000000000000138733Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.780{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55538- 354300x8000000000000000138732Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.776{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56880- 23542300x8000000000000000138731Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.565{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ZJUI0E~1.DEF\cert9.db-journalMD5=61F0988E518D36C506762CD0B01BC43B,SHA256=51FE352A4C79FBDA38D8DC538CE30A53C4CA3B929FB583C3C2761ABA8E66C9D4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138730Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.528{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ZJUI0E~1.DEF\cert9.db-journalMD5=1C7B17E589E52AB39B2AB52602563229,SHA256=0F26222EF97A3C94CD6DE46E52D890ACADA4035780826943339344297CBB0BFA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138729Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.507{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ZJUI0E~1.DEF\cert9.db-journalMD5=41D4E75558D4611A71AAC1A7643A5251,SHA256=05D1BF0CC7138EF22AAB57EC793D00D4D58C5034DF1D2B2F4F5B62B71133D7E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138728Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.448{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ZJUI0E~1.DEF\cert9.db-journalMD5=EF9430886B6A45A75524D90DD42C6891,SHA256=38A1A0353699556ECCC91FDFAF29B56EA8807AE305236E482BAF3472F82FC3B5,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000138727Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.527{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local54105-false142.250.186.110fra24s06-in-f14.1e100.net443https 354300x8000000000000000138726Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.465{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64678-false142.250.186.110fra24s06-in-f14.1e100.net443https 354300x8000000000000000138725Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.465{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55021- 354300x8000000000000000138724Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.462{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63647- 354300x8000000000000000138723Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.436{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local61241-false216.58.212.174ams15s22-in-f174.1e100.net443https 354300x8000000000000000138722Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.384{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64677-false216.58.212.174ams15s22-in-f174.1e100.net443https 354300x8000000000000000138721Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.384{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61240- 354300x8000000000000000138720Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.383{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59327- 354300x8000000000000000138719Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:39.380{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59200- 23542300x8000000000000000138718Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.322{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ZJUI0E~1.DEF\cert9.db-journalMD5=F39B272EF211B9109FA4E106A131D79C,SHA256=BD19AA9F16ABA1C73E77164004A771713945968DBE153D38FAC87A57AAFB22C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138825Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.847{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ZJUI0E~1.DEF\cert9.db-journalMD5=ED1567DDE0DB26D36254B29D50E969EC,SHA256=6B4241085F2171C043C9A756128802E8398E749CD982D72F542DB868BE5296FA,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000138824Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.814{6EDEAD03-61B3-615D-D602-00000000FC01}1892avatars.githubusercontent.com02606:50c0:8002::154;2606:50c0:8003::154;2606:50c0:8001::154;2606:50c0:8000::154;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138823Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.810{6EDEAD03-61B3-615D-D602-00000000FC01}1892avatars.githubusercontent.com0185.199.108.133;185.199.109.133;185.199.110.133;185.199.111.133;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138822Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.808{6EDEAD03-61B3-615D-D602-00000000FC01}1892avatars.githubusercontent.com0::ffff:185.199.111.133;::ffff:185.199.108.133;::ffff:185.199.109.133;::ffff:185.199.110.133;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000120735Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:42.371{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0CB78C14C3C08A69C9140C9247E67080,SHA256=07E3A092F391A51E0B88DCDA64FB4B9220B8D34C6E5AD15FAB2530105FC4A546,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000138821Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.859{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64696-false185.199.111.133cdn-185-199-111-133.github.com443https 354300x8000000000000000138820Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.859{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64695-false185.199.111.133cdn-185-199-111-133.github.com443https 354300x8000000000000000138819Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.858{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64694-false185.199.111.133cdn-185-199-111-133.github.com443https 354300x8000000000000000138818Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.810{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61319- 354300x8000000000000000138817Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.809{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61415- 354300x8000000000000000138816Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.807{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55003- 354300x8000000000000000138815Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.785{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64693-false13.107.246.45-443https 354300x8000000000000000138814Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.784{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64692-false93.184.220.29-80http 354300x8000000000000000138813Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.758{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64691-false93.184.220.29-80http 354300x8000000000000000138812Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.757{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64690-false13.107.246.45-443https 354300x8000000000000000138811Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.752{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-55872- 354300x8000000000000000138810Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.748{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63201- 354300x8000000000000000138809Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.748{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64689-false140.82.121.3lb-140-82-121-3-fra.github.com443https 354300x8000000000000000138808Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.733{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64688-false140.82.121.3lb-140-82-121-3-fra.github.com443https 354300x8000000000000000138807Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.733{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64687-false140.82.121.3lb-140-82-121-3-fra.github.com443https 354300x8000000000000000138806Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.733{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64686-false140.82.121.3lb-140-82-121-3-fra.github.com443https 354300x8000000000000000138805Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.732{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61255- 354300x8000000000000000138804Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.729{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64680- 354300x8000000000000000138803Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.728{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55872- 354300x8000000000000000138802Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.618{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54590- 354300x8000000000000000138801Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.617{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64685-false104.111.246.93a104-111-246-93.deploy.static.akamaitechnologies.com443https 354300x8000000000000000138800Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.602{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-63661- 354300x8000000000000000138799Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.577{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63661- 354300x8000000000000000138798Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.532{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-62552- 354300x8000000000000000138797Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.507{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58158- 354300x8000000000000000138796Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.506{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local62552- 354300x8000000000000000138795Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.506{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59527- 354300x8000000000000000138794Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.505{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local65535- 354300x8000000000000000138793Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.504{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57413- 354300x8000000000000000138792Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.413{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64684-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000138791Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.182{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64683-false172.217.16.130zrh04s06-in-f130.1e100.net443https 354300x8000000000000000138790Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.154{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58941- 354300x8000000000000000138789Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:40.153{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local64721-false172.217.16.130zrh04s06-in-f130.1e100.net443https 10341000x8000000000000000138858Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.936{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138857Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.935{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 354300x8000000000000000120737Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:41.537{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50600-false10.0.1.12-8000- 23542300x8000000000000000120736Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:43.371{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE2C8C9C9CCB8AE13621AFAC8772C66F,SHA256=58711939F36F739AF0DEF33CEACB0C6BCA917F2DDC3428C2E0664536F47F6EAB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138856Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.512{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b66218|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138855Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.461{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138854Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.461{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138853Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.459{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b695f9|C:\Program Files\Mozilla Firefox\xul.dll+b7958a|C:\Program Files\Mozilla Firefox\xul.dll+b56ab9|C:\Program Files\Mozilla Firefox\xul.dll+b6c350|C:\Program Files\Mozilla Firefox\xul.dll+1a24c7c|C:\Program Files\Mozilla Firefox\xul.dll+192fc92|C:\Program Files\Mozilla Firefox\xul.dll+192dfcc|C:\Program Files\Mozilla Firefox\xul.dll+1b1c2f7|C:\Program Files\Mozilla Firefox\xul.dll+1b1b19f|C:\Program Files\Mozilla Firefox\xul.dll+192a5fa|C:\Program Files\Mozilla Firefox\xul.dll+1b3e634|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937 10341000x8000000000000000138852Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.458{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138851Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.458{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138850Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.458{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138849Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.458{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138848Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.457{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138847Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.457{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138846Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.457{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138845Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.456{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138844Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.456{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138843Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.455{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138842Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.454{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138841Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.452{6EDEAD03-5391-615D-0E01-00000000FC01}48005132C:\Windows\Explorer.EXE{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138840Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.452{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138839Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.452{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138838Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.450{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138837Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.450{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138836Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.405{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+ed6d5e|C:\Program Files\Mozilla Firefox\xul.dll+289542|C:\Program Files\Mozilla Firefox\xul.dll+28882f|C:\Program Files\Mozilla Firefox\xul.dll+28861a|C:\Program Files\Mozilla Firefox\xul.dll+eeff55|C:\Program Files\Mozilla Firefox\xul.dll+18b861a|C:\Program Files\Mozilla Firefox\xul.dll+1acc418|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1ace974|C:\Program Files\Mozilla Firefox\xul.dll+177715e|C:\Program Files\Mozilla Firefox\xul.dll+1ac1b7d|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0|C:\Program Files\Mozilla Firefox\xul.dll+f1bb45|C:\Program Files\Mozilla Firefox\xul.dll+f1b6d4|C:\Program Files\Mozilla Firefox\xul.dll+f1b179|C:\Program Files\Mozilla Firefox\xul.dll+f1bdaf|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e 10341000x8000000000000000138835Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.405{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+ed6d37|C:\Program Files\Mozilla Firefox\xul.dll+289542|C:\Program Files\Mozilla Firefox\xul.dll+28882f|C:\Program Files\Mozilla Firefox\xul.dll+28861a|C:\Program Files\Mozilla Firefox\xul.dll+eeff55|C:\Program Files\Mozilla Firefox\xul.dll+18b861a|C:\Program Files\Mozilla Firefox\xul.dll+1acc418|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1ace974|C:\Program Files\Mozilla Firefox\xul.dll+177715e|C:\Program Files\Mozilla Firefox\xul.dll+1ac1b7d|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0|C:\Program Files\Mozilla Firefox\xul.dll+f1bb45|C:\Program Files\Mozilla Firefox\xul.dll+f1b6d4|C:\Program Files\Mozilla Firefox\xul.dll+f1b179|C:\Program Files\Mozilla Firefox\xul.dll+f1bdaf|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e 10341000x8000000000000000138834Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.404{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+ed6d0c|C:\Program Files\Mozilla Firefox\xul.dll+289542|C:\Program Files\Mozilla Firefox\xul.dll+28882f|C:\Program Files\Mozilla Firefox\xul.dll+28861a|C:\Program Files\Mozilla Firefox\xul.dll+eeff55|C:\Program Files\Mozilla Firefox\xul.dll+18b861a|C:\Program Files\Mozilla Firefox\xul.dll+1acc418|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1ace974|C:\Program Files\Mozilla Firefox\xul.dll+177715e|C:\Program Files\Mozilla Firefox\xul.dll+1ac1b7d|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0|C:\Program Files\Mozilla Firefox\xul.dll+f1bb45|C:\Program Files\Mozilla Firefox\xul.dll+f1b6d4|C:\Program Files\Mozilla Firefox\xul.dll+f1b179|C:\Program Files\Mozilla Firefox\xul.dll+f1bdaf|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e 354300x8000000000000000138833Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.506{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55098- 354300x8000000000000000138832Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.506{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56481- 354300x8000000000000000138831Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.505{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56823- 354300x8000000000000000138830Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.505{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61883- 23542300x8000000000000000138829Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.356{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\2Dr_W9Om.zip.partMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138828Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.347{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\ZJUI0E~1.DEF\cert9.db-journalMD5=8113BD6AC70220435794A965742ADF73,SHA256=21DA547C77EB96160C5D0430F7E20A23498C07EFF15FA19939F30DAD67CCEA12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138827Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.312{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\permissions.sqlite-journalMD5=14E606020FF934108B33272497F9AFBF,SHA256=3662372941C2DAA8F74D575A790B603A026187EA33FBD38A19FCA8EBAD4644CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138826Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.211{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EB8C891EE4F16620A6539968E2D7174,SHA256=0EA978A5791677BAB85595FFE09C92BD295C8826E1B4FEA0691D14985DE14995,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120739Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:44.387{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D891B29D0DEC0EBC1F6EAFEDD2E5DC55,SHA256=D4BC06FE898F56A83E9A641BF138F22796FB718A59E08735D0D4E9F1897B9F30,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000138883Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.649{6EDEAD03-61B3-615D-D602-00000000FC01}1892cs22.wpc.v0cdn.net0152.199.19.160;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138882Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.648{6EDEAD03-61B3-615D-D602-00000000FC01}1892download.sysinternals.com0type: 5 az155186.vo.msecnd.net;type: 5 cs22.wpc.v0cdn.net;::ffff:152.199.19.160;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138881Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.120{6EDEAD03-61B3-615D-D602-00000000FC01}1892onedscolprduks00.uksouth.cloudapp.azure.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138880Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.110{6EDEAD03-61B3-615D-D602-00000000FC01}1892onedscolprduks00.uksouth.cloudapp.azure.com051.105.71.136;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000138879Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.447{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 354300x8000000000000000138878Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.193{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64699-false51.105.71.136-443https 354300x8000000000000000138877Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.125{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64697-false51.105.71.136-443https 354300x8000000000000000138876Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.122{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64698-false51.105.71.136-443https 354300x8000000000000000138875Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.109{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57032- 354300x8000000000000000138874Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.106{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58063- 354300x8000000000000000138873Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.795{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-53587-true2001:503:ba3e:0:0:0:2:30-53domain 354300x8000000000000000138872Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:41.506{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54712- 23542300x8000000000000000138871Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.228{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCFCAE66D6B072211019433B9E2158FF,SHA256=DF18C3AA0430F6A521D37E29A5CA690CEAE3EECC1DA9467F1B0FD85DD4A0AF47,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138870Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.228{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138869Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.227{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138868Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.190{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138867Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.190{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138866Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.137{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138865Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.137{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138864Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.103{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138863Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.102{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138862Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138861Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.092{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138860Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.003{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138859Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.002{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 23542300x8000000000000000120738Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:44.355{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120741Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:43.865{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50601-false10.0.1.12-8089- 23542300x8000000000000000120740Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:45.402{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E1555B6E668C8B5CD743E1BADCA96E1A,SHA256=15514CF9F737FEC3A1514B967F236BC99CB70C8DB617C7E085ED41D64C2196BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138920Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.901{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138919Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.895{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1ccb6 22542200x8000000000000000138918Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.650{6EDEAD03-61B3-615D-D602-00000000FC01}1892cs22.wpc.v0cdn.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000138917Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.567{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=6EA74A982C71A13E527E78A59EE480FE,SHA256=B083BB8A0A5976C6FD383CE513731230949D88F37DEF3BCAA305677844FF6AA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138916Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.565{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=EDFE84D518453EC91CC953701A130DC6,SHA256=A0D3871F0BD91A615E6DA76A84E5027D988769218470705843E217C2C373ADA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138915Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.558{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++www.google.com\ls\data.sqlite-journalMD5=877A3500D89520E77BC4E717315A34F4,SHA256=6146B160C956B4B60E6153C578A4CA145241602EC23DC2F58C756939938A78E8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138914Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.537{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0 23542300x8000000000000000138913Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.531{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++www.google.com\ls\data.sqlite-journalMD5=F79447907E1B7F5CA45ABEC3785C92E4,SHA256=2B9CFF140E49194CB36D40380816E1D4CC342AFA0663EC25C9EB289F4D6AD9B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138912Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.521{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++www.google.com\ls\data.sqlite-journalMD5=BE4B053D7B7A3B119AA0263824F52258,SHA256=6C6204750F75DC665093B6433B0BE4BB13EABE8F9DC27318D4B87ABBB9D37E70,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138911Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.518{6EDEAD03-61B3-615D-D602-00000000FC01}18925240C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+ee090f|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138910Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.513{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++www.google.com\ls\data.sqlite-journalMD5=33324E5268760E3326EEE89EE6CC0688,SHA256=3C3EC5A0026EAEE2190EF9D1C8471703D74017B72D0FBEA073D0F9A53911FA6E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138909Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.506{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0 10341000x8000000000000000138908Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.504{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2|C:\Program Files\Mozilla Firefox\xul.dll+1ac273f|C:\Program Files\Mozilla Firefox\xul.dll+f1bcd0 10341000x8000000000000000138907Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.504{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b695f9|C:\Program Files\Mozilla Firefox\xul.dll+b7958a|C:\Program Files\Mozilla Firefox\xul.dll+b56ab9|C:\Program Files\Mozilla Firefox\xul.dll+b6c350|C:\Program Files\Mozilla Firefox\xul.dll+1a24c7c|C:\Program Files\Mozilla Firefox\xul.dll+192fc92|C:\Program Files\Mozilla Firefox\xul.dll+192dfcc|C:\Program Files\Mozilla Firefox\xul.dll+389558|C:\Program Files\Mozilla Firefox\xul.dll+fc7f96|C:\Program Files\Mozilla Firefox\xul.dll+fc782d|C:\Program Files\Mozilla Firefox\xul.dll+fc7a23|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937 10341000x8000000000000000138906Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.490{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b66218|C:\Program Files\Mozilla Firefox\xul.dll+19ae8d1|C:\Program Files\Mozilla Firefox\xul.dll+167af82|C:\Program Files\Mozilla Firefox\xul.dll+19d767c|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+19fd48|C:\Program Files\Mozilla Firefox\xul.dll+19ebff|C:\Program Files\Mozilla Firefox\xul.dll+421d77a|C:\Program Files\Mozilla Firefox\xul.dll+4289755|C:\Program Files\Mozilla Firefox\xul.dll+428a573|C:\Program Files\Mozilla Firefox\xul.dll+1efe833|C:\Program Files\Mozilla Firefox\firefox.exe+5c6d|C:\Program Files\Mozilla Firefox\firefox.exe+1bbb8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138905Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.442{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+ed6d5e|C:\Program Files\Mozilla Firefox\xul.dll+289542|C:\Program Files\Mozilla Firefox\xul.dll+28882f|C:\Program Files\Mozilla Firefox\xul.dll+28861a|C:\Program Files\Mozilla Firefox\xul.dll+eeff55|C:\Program Files\Mozilla Firefox\xul.dll+18b861a|C:\Program Files\Mozilla Firefox\xul.dll+1acc418|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1ace974|C:\Program Files\Mozilla Firefox\xul.dll+177715e|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+39e59ac|C:\Program Files\Mozilla Firefox\xul.dll+39e5d3d|C:\Program Files\Mozilla Firefox\xul.dll+36bc536|C:\Program Files\Mozilla Firefox\xul.dll+2dc8336|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+163685|C:\Program Files\Mozilla Firefox\xul.dll+1b6a6c6 10341000x8000000000000000138904Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.441{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+ed6d37|C:\Program Files\Mozilla Firefox\xul.dll+289542|C:\Program Files\Mozilla Firefox\xul.dll+28882f|C:\Program Files\Mozilla Firefox\xul.dll+28861a|C:\Program Files\Mozilla Firefox\xul.dll+eeff55|C:\Program Files\Mozilla Firefox\xul.dll+18b861a|C:\Program Files\Mozilla Firefox\xul.dll+1acc418|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1ace974|C:\Program Files\Mozilla Firefox\xul.dll+177715e|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+39e59ac|C:\Program Files\Mozilla Firefox\xul.dll+39e5d3d|C:\Program Files\Mozilla Firefox\xul.dll+36bc536|C:\Program Files\Mozilla Firefox\xul.dll+2dc8336|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+163685|C:\Program Files\Mozilla Firefox\xul.dll+1b6a6c6 10341000x8000000000000000138903Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.441{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+ed6d0c|C:\Program Files\Mozilla Firefox\xul.dll+289542|C:\Program Files\Mozilla Firefox\xul.dll+28882f|C:\Program Files\Mozilla Firefox\xul.dll+28861a|C:\Program Files\Mozilla Firefox\xul.dll+eeff55|C:\Program Files\Mozilla Firefox\xul.dll+18b861a|C:\Program Files\Mozilla Firefox\xul.dll+1acc418|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1acc65f|C:\Program Files\Mozilla Firefox\xul.dll+1ace974|C:\Program Files\Mozilla Firefox\xul.dll+177715e|C:\Program Files\Mozilla Firefox\xul.dll+1776835|C:\Program Files\Mozilla Firefox\xul.dll+39e59ac|C:\Program Files\Mozilla Firefox\xul.dll+39e5d3d|C:\Program Files\Mozilla Firefox\xul.dll+36bc536|C:\Program Files\Mozilla Firefox\xul.dll+2dc8336|C:\Program Files\Mozilla Firefox\xul.dll+17035a0|C:\Program Files\Mozilla Firefox\xul.dll+16d0278|C:\Program Files\Mozilla Firefox\xul.dll+163685|C:\Program Files\Mozilla Firefox\xul.dll+1b6a6c6 15241500x8000000000000000138902Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.427{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\Downloads\SDelete.zip:Zone.Identifier2021-10-06 08:43:43.355MD5=462FD99BF739C09B7830453E84359876,SHA256=F23BAA3F0E79951C7BF1885E32C841F0D66683D96DEE6994672D102E47D8AFA3,IMPHASH=00000000000000000000000000000000[ZoneTransfer] ZoneId=3 ReferrerUrl=https://docs.microsoft.com/ HostUrl=https://download.sysinternals.com/files/SDelete.zip 11241100x8000000000000000138901Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.localDownloads2021-10-06 08:43:45.424{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\Downloads\SDelete.zip:Zone.Identifier2021-10-06 08:43:43.355 15241500x8000000000000000138900Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.408{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\Downloads\SDelete.zip2021-10-06 08:43:43.355MD5=C822781EF7412B58DA9BBFBC017FF1E7,SHA256=49CFC704A431D0F4557D06561310ADE7BA78B84C389A99CBE0FAC83410F6B255,IMPHASH=00000000000000000000000000000000- 354300x8000000000000000138899Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.747{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-52279-true2001:500:2d:0:0:0:0:dd.root-servers.net53domain 354300x8000000000000000138898Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.649{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64700-false152.199.19.160-443https 354300x8000000000000000138897Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.649{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63236- 354300x8000000000000000138896Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.648{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local65226- 354300x8000000000000000138895Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.642{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60450- 354300x8000000000000000138894Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:42.522{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-53480-true2001:500:1:0:0:0:0:53-53domain 10341000x8000000000000000138893Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.301{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+bf7923|C:\Program Files\Mozilla Firefox\xul.dll+bf6fc1|C:\Program Files\Mozilla Firefox\xul.dll+beec83|C:\Program Files\Mozilla Firefox\xul.dll+bf8370|C:\Program Files\Mozilla Firefox\xul.dll+fc0059|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+fe5387|C:\Program Files\Mozilla Firefox\xul.dll+1a25bf8|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a|C:\Program Files\Mozilla Firefox\xul.dll+eb6c37|C:\Program Files\Mozilla Firefox\xul.dll+eb67ec|C:\Program Files\Mozilla Firefox\xul.dll+2b70e2 23542300x8000000000000000138892Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.246{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=040BBE2079A5952CC486580C03FB484F,SHA256=693DC48A530BA84A1B8E9661D440894893F40C3001A75BA3C3D6E30B830438BF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138891Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.231{6EDEAD03-5391-615D-0E01-00000000FC01}48005132C:\Windows\Explorer.EXE{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138890Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.229{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138889Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.229{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138888Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.226{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138887Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.226{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x8000000000000000138886Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.localDownloads2021-10-06 08:43:45.187{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\Downloads\SDelete.zip2021-10-06 08:43:45.187 10341000x8000000000000000138885Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.184{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138884Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.095{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 23542300x8000000000000000120742Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:46.418{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A90EB2DCE207C9844461D58684FE6A38,SHA256=EF21BE912A6F8123808FD524B89C3426C9672780D8F18D626FEC2F6DB2D86A02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138947Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:46.871{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-walMD5=B7561779A5C5B0C38C8531328B6C7B81,SHA256=3EC6722C9F3C54FFC4A4B635DD054B6D640A9C0CCD6F7B57F70474EB531B74C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138946Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:46.869{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\webappsstore.sqlite-shmMD5=61E8961C60683A1D101C4B2CC3B5F750,SHA256=18E356CCC8D74E3BAE2B2DFD56A0545EEDC89BFC07A5265D30A60CAE7F271C41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138945Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:46.865{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++docs.microsoft.com\ls\data.sqlite-journalMD5=8EFD1ED1F8DC2FAAA2F0592EEFD81B5C,SHA256=F09FD235D1BB75224DDDE66CDB8EE731FE89DAAC24F6872E16E671D63E8F1DAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138944Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:46.851{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++docs.microsoft.com\ls\data.sqlite-journalMD5=433868FB54B16A385B404BFD51888431,SHA256=2097AABD6C9194D2977AC68311D24AAFCBE74C8DD20F5D5FDF848E8433041A9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138943Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:46.843{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++docs.microsoft.com\ls\data.sqlite-journalMD5=0B10787E65EDE7C25B6CBA85FBEE22FF,SHA256=D6EAEA251B8AD555CB52BA0FC34EE09B802B0D48CEF6F4F8F3EA0FB9D4ABC786,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138942Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:46.835{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\default\https+++docs.microsoft.com\ls\data.sqlite-journalMD5=73E1540024F9F50C65B2E7F11C63A7C8,SHA256=302F294E269D5D1EE37FA485CACECCD85D1218F237A49D5948506DACA0FF98C9,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138941Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:46.781{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 10341000x8000000000000000138940Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:46.764{6EDEAD03-5391-615D-0801-00000000FC01}43684476C:\Windows\system32\taskhostw.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000138939Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.625{6EDEAD03-61B3-615D-D602-00000000FC01}1892sb-ssl.l.google.com02a00:1450:4001:828::200e;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138938Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.600{6EDEAD03-61B3-615D-D602-00000000FC01}1892sb-ssl.l.google.com0142.250.186.78;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000138937Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.598{6EDEAD03-61B3-615D-D602-00000000FC01}1892sb-ssl.google.com0type: 5 sb-ssl.l.google.com;::ffff:142.250.186.78;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000138936Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.713{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local59465-false142.250.186.78fra24s05-in-f14.1e100.net443https 354300x8000000000000000138935Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.648{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64702-false142.250.186.131fra24s07-in-f3.1e100.net80http 354300x8000000000000000138934Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.600{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59464- 354300x8000000000000000138933Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.600{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64701-false142.250.186.78fra24s05-in-f14.1e100.net443https 354300x8000000000000000138932Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.548{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-63362- 354300x8000000000000000138931Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.548{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-55128- 354300x8000000000000000138930Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.548{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-55795- 354300x8000000000000000138929Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.522{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55128- 354300x8000000000000000138928Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.522{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55795- 354300x8000000000000000138927Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.521{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63362- 354300x8000000000000000138926Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.542{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-55072- 354300x8000000000000000138925Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.518{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55072- 354300x8000000000000000138924Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:43.518{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59706- 23542300x8000000000000000138923Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:46.268{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F05DEA5A8DF7447E835335B4DDE36792,SHA256=9657B3FC7A438D9ADCF94F37443588063D07ABFA2845378E97A1DF28DB1F28D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138922Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:46.058{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=FBDE9FB4A4374D0362276306C575FEC9,SHA256=C482E251D3CB3AC839DDC91184B041604770961A0E6432EE7065301145E5E93F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138921Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:46.056{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=1800A0A7B6E93C696B661EE7424EEB55,SHA256=74709CCF297DDE151FCF66A5FD6F42C0B5F0DE94DA63CA6513033867FB885CAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138953Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:47.954{6EDEAD03-61B5-615D-DA02-00000000FC01}6076ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\mozilla-temp-files\mozilla-temp-41MD5=D910AD167F0217587501FDCDB33CC544,SHA256=E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138952Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:47.520{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=0A0AD2BA58C15303C2B52741B9B64D29,SHA256=E8A314F7647261E223472D83C03C01172550BAEB81723D02BF64697766933A79,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138951Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:47.519{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmMD5=80582C0C264D3D71ABC824A065377DD5,SHA256=9A327E98A0E81287FA55923F7A82904457C235C4366E4B4E134C820CE817A099,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138950Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:47.518{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=A6468779105869C5A7334299F42443E0,SHA256=179B3570160CCF4185273DE9D63CC383CEE6E6DC29C340D5DAFDE13671AD4C71,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138949Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:47.516{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmMD5=9AEED6502F49075F186A39E05E79903A,SHA256=D39A22B190833FFCA3199709D8D178E617A0DD567834705243F0825D9A95B42C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138948Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:47.305{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E90541BFE09260F61A95476DFFE4ADD,SHA256=D692ED286D36F9FAE0E8B2C86E62A6B6F11B421FC3702D9AB9EE1E15527E02A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120743Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:47.433{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6E1D28B5BCFDF17126F8F05470E3D80,SHA256=C45CD4E544BA41821B97826FB83C38C014E4B765CD76874E4C11CF2CFBE9CF1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120744Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:48.449{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8000B9A3A641A779482AFE80EE2A5CC4,SHA256=9CC3236664C377A122C973AFCD2FF8935D3611A5004CCADC4A5441135F870E9D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000138959Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:45.530{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64703-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000138958Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.878{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57517- 354300x8000000000000000138957Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:44.875{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64757- 23542300x8000000000000000138956Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:48.309{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BACBA1B5789CC7FEDE610AB1ED23921,SHA256=7F04E7A8EE580E3A52E2FCAFCDA2707274DCC310D0DD23ED9AC90789B749F152,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138955Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:48.160{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmMD5=95B52CE11A7A04C543CD0A12C8A666D2,SHA256=9009847B62CF7B2ACF46459821717F3132C86B512CF3FFF8F7EA95A4CF1F1C0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138954Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:48.159{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmMD5=2AB98BD5AA493745B9440EE66B2723CC,SHA256=382EAAB22D610B30C28421FB2AAF405B3DB0948E2EC422A9E9E4D05EC5E017C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120746Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:49.464{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA81BE9F357479705B342544111EDA9B,SHA256=066E1DD82DC625DD1FEA62CDC75872A4540DC8027C03045B14AC405FD697ED42,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000138966Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:43:49.393{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXEHKU\S-1-5-21-1984405510-3441252591-1346373189-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{B8CDCB65-B1BF-4B42-9428-1DFDB7EE92AF} {000214E4-0000-0000-C000-000000000046} 0xFFFFBinary Data 354300x8000000000000000138965Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:46.124{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruetruefe80:0:0:0:0:ffff:ffff:fffe-53587-true2001:500:9f:0:0:0:0:42-53domain 10341000x8000000000000000138964Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:49.354{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138963Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:49.353{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138962Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:49.351{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138961Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:49.351{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138960Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:49.317{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEE3210232BB74F46A7BDC5F15D065F6,SHA256=B175D3379B14013E5C03727C0CEA5435C06E4745BE56AE1631141C05CF2EA583,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120745Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:46.583{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50602-false10.0.1.12-8000- 23542300x8000000000000000120747Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:50.472{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35BE11B62C385854E1D7ED8E1780173C,SHA256=B417729DD3C60822C55C5A7E11B1D8CB9DC2F0288D76D9F11971684D772002F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138967Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:50.334{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEF43A4701FFCBE51DA3F9ADC1CEFCAB,SHA256=8BA6F13B71EB8F182921518D71944E7BD8C856B9EEB339FAA83D4655D519E834,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120748Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:51.488{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A92DF2D510A96407C4120DBBE2BEF649,SHA256=9380F748966DF92C25E1F0DA8228622ED8DC9E4F9F10BD2442BA1913FC937918,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138989Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:51.393{6EDEAD03-5391-615D-0801-00000000FC01}43684476C:\Windows\system32\taskhostw.exe{6EDEAD03-61C7-615D-E302-00000000FC01}5384C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138988Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:51.391{6EDEAD03-5391-615D-0801-00000000FC01}43684476C:\Windows\system32\taskhostw.exe{6EDEAD03-61C7-615D-E302-00000000FC01}5384C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138987Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:51.389{6EDEAD03-5391-615D-0E01-00000000FC01}48005064C:\Windows\Explorer.EXE{6EDEAD03-61C7-615D-E302-00000000FC01}5384C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138986Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:51.388{6EDEAD03-5391-615D-0E01-00000000FC01}48005064C:\Windows\Explorer.EXE{6EDEAD03-61C7-615D-E302-00000000FC01}5384C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138985Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:51.388{6EDEAD03-5391-615D-0E01-00000000FC01}48005064C:\Windows\Explorer.EXE{6EDEAD03-61C7-615D-E302-00000000FC01}5384C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138984Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:51.388{6EDEAD03-5391-615D-0E01-00000000FC01}48005064C:\Windows\Explorer.EXE{6EDEAD03-61C7-615D-E302-00000000FC01}5384C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000138983Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:48.581{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-64217- 354300x8000000000000000138982Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:48.556{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64217- 11241100x8000000000000000138981Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.localDownloads2021-10-06 08:43:51.379{6EDEAD03-61C7-615D-E302-00000000FC01}5384C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\Eula.txt2021-10-06 08:43:51.379 11241100x8000000000000000138980Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.localDownloads2021-10-06 08:43:51.374{6EDEAD03-61C7-615D-E302-00000000FC01}5384C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\sdelete64a.exe2021-10-06 08:43:51.374 11241100x8000000000000000138979Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.localDownloads2021-10-06 08:43:51.367{6EDEAD03-61C7-615D-E302-00000000FC01}5384C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\sdelete64.exe2021-10-06 08:43:51.367 11241100x8000000000000000138978Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.localDownloads2021-10-06 08:43:51.358{6EDEAD03-61C7-615D-E302-00000000FC01}5384C:\Program Files\7-Zip\7zG.exeC:\Users\Administrator\Downloads\sdelete.exe2021-10-06 08:43:51.358 23542300x8000000000000000138977Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:51.341{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6A19DFB00757AE9AA3748A926AFB24B,SHA256=B916FB2F745ED5A33B852E5AF9B21C174490A2B64325A1B0792C6BAAF06F8CCC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000138976Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:51.307{6EDEAD03-5041-615D-1600-00000000FC01}12921948C:\Windows\system32\svchost.exe{6EDEAD03-61C7-615D-E302-00000000FC01}5384C:\Program Files\7-Zip\7zG.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138975Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:51.306{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-61C7-615D-E302-00000000FC01}5384C:\Program Files\7-Zip\7zG.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138974Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:51.232{6EDEAD03-538E-615D-FD00-00000000FC01}1001332C:\Windows\system32\csrss.exe{6EDEAD03-61C7-615D-E302-00000000FC01}5384C:\Program Files\7-Zip\7zG.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000138973Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:51.232{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138972Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:51.232{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138971Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:51.231{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138970Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:51.231{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000138969Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:51.231{6EDEAD03-5391-615D-0E01-00000000FC01}48005344C:\Windows\Explorer.EXE{6EDEAD03-61C7-615D-E302-00000000FC01}5384C:\Program Files\7-Zip\7zG.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\7-Zip\7-zip.dll+4f38|C:\Program Files\7-Zip\7-zip.dll+61c5|C:\Program Files\7-Zip\7-zip.dll+698e|C:\Program Files\7-Zip\7-zip.dll+6aa9|C:\Program Files\7-Zip\7-zip.dll+8771|C:\Windows\System32\SHELL32.dll+80257|C:\Windows\System32\SHELL32.dll+6716e|C:\Windows\System32\SHELL32.dll+17c27c|C:\Windows\System32\SHELL32.dll+19ea38|C:\Windows\System32\SHELL32.dll+284683|C:\Windows\system32\explorerframe.dll+13cf7b|C:\Windows\system32\explorerframe.dll+139d07|C:\Windows\System32\SHELL32.dll+17c520|C:\Windows\System32\SHELL32.dll+17999e|C:\Windows\System32\SHELL32.dll+736c1|C:\Windows\System32\SHELL32.dll+765a6|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026 154100x8000000000000000138968Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:51.221{6EDEAD03-61C7-615D-E302-00000000FC01}5384C:\Program Files\7-Zip\7zG.exe19.007-Zip GUI7-ZipIgor Pavlov7zg.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Administrator\Downloads\" -an -ai#7zMap2547:92:7zEvent18044C:\Windows\system32\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372HighMD5=04FB3AE7F05C8BC333125972BA907398,SHA256=2FB898BACB587F2484C9C4AA6DA2729079D93D1F923A017BB84BEEF87BF74FEF,IMPHASH=9CF6F80DD6DFE9900700C1E11C318B2A{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 13241300x8000000000000000120750Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:43:52.831{49C67628-5043-615D-1500-00000000FD01}1088C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7ba8e-0x4a798645) 23542300x8000000000000000120749Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:52.503{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6867C83BBCECEFF12C2F549B5430908F,SHA256=DFA9D4EEBB6F09B953F738961F1A7BB8F76EB01A2E42992759D0BFB114279F98,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000138994Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:50.548{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64704-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000138993Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:52.365{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DFA178F809E322EC74562B28CECE9D9C,SHA256=8AE5E6F2A82322B53A56CF85DD203B428696F1F7A8D33242ED1D0FAA66CD9C5F,IMPHASH=00000000000000000000000000000000falsetrue 17141700x8000000000000000138992Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:43:52.358{6EDEAD03-5391-615D-0E01-00000000FC01}4800\UIA_PIPE_4800_0000184dC:\Windows\Explorer.EXE 23542300x8000000000000000138991Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:52.226{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1C941FDDF030DC0C6499AD3BABC330FA,SHA256=3ED3835C8556005C95B9A5F859AEB640C319B762E0B1404173A6A4F05CFD11CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138990Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:52.225{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=69644BC3280172F36A13C065BA6B2E27,SHA256=67C1C2C0E81F2ED3A0CF440B79A417D3ADA98E91ADC7A6BD1EBBA9019F2B8278,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120751Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:53.519{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0505568B900EB26B4F79E6EC6F558C4B,SHA256=A72B691DF1850292F45E01F4C7EC1391821CC4A6BD8FD291AF2EA4BF2BE7C22B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138995Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:53.365{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=977342E9B28EFAAEE2B2B2EAC429B7E6,SHA256=A2F485AD83B3E6FE2E15318306282F11E05C3BF62461665DBAB51D20D334CE56,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120753Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:52.591{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50603-false10.0.1.12-8000- 23542300x8000000000000000120752Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:54.535{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=00C7DA0903DAFB5B9FA892F85F94ED77,SHA256=98C20144CC7114EEC2A97ACAF12BB81673DE78D412423A78617E76ED6D2195D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138996Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:54.391{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA44ACCCD89E7D1D2F6F9F898E0403C6,SHA256=015805D2FA33FB50E35E35C9CEB6E76AF6D736CFE85451DE3678B97B87C09DFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120754Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:55.566{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C1535AB3DE42811D4CEAAFFDA837518,SHA256=968DF054E7E1DC6579FC615AD1997676B8A4C8A7628FD4D72353BC389F21AC5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000138997Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:55.410{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FDFA2EE412D4E1F781A15FA06A608BFA,SHA256=32E7C930D7ADA7D50FCBDFB13A19827BB89751D918B642AC93607E0CC74638A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120755Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:56.613{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6450F78A214DD90B24FE34238F6BAAD6,SHA256=C12831FB81B522C4B820B3965A42609CFDE363D6066DFC6CC2F331D63831BDED,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139004Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:56.590{6EDEAD03-5041-615D-1600-00000000FC01}12921948C:\Windows\system32\svchost.exe{6EDEAD03-61CC-615D-E402-00000000FC01}5292C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139003Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:56.590{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-61CC-615D-E402-00000000FC01}5292C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139002Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:56.585{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-61CC-615D-E402-00000000FC01}5292C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139001Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:56.579{6EDEAD03-538E-615D-FD00-00000000FC01}1004524C:\Windows\system32\csrss.exe{6EDEAD03-61CC-615D-E402-00000000FC01}5292C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139000Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:56.576{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-61CC-615D-E402-00000000FC01}5292C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000138999Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:56.575{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-61CC-615D-E402-00000000FC01}5292C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+366e9|c:\windows\system32\rpcss.dll+3bed2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000138998Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:56.416{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=104EC801664FE30FF98904508B4F2C1B,SHA256=C848A8155D9DC922CA843DCE295A4BE7E7D16307C10DA19F6E218D1EB6560CE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120756Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:57.644{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D41135C90F013623D6CF518CB939F94C,SHA256=947E799AE244ED6C5B310AB71D8C6125C12BBB4BD8CFD4543C610AD7BE393A69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139007Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:57.602{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=36BC4480F5262729F41FACAD2333339C,SHA256=C6CD2779D25C5C62A6EFC4BC314A43673A76E990A9F38D4EB9ECAD78F620C771,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139006Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:57.600{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1C941FDDF030DC0C6499AD3BABC330FA,SHA256=3ED3835C8556005C95B9A5F859AEB640C319B762E0B1404173A6A4F05CFD11CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139005Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:57.440{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBB42B7659BFA4D76E7E9F4E9DCE5E02,SHA256=4BCAC06914B8259CFC2A648FCC14EB4C3F5378B956630A751CB1ACE3242FB618,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120757Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:58.691{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AD8762CAE6428C9D9A925031B335F6C,SHA256=A8E7D7A69F2964E1BD39635018001318561ADC15972A915CD7799419E3C1459E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139009Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:58.447{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A01EE16ACB9F2670476C274DCD06E3CA,SHA256=C706D31855912D3D1847E1A69740A128F9B6F458A2CFC5A673B78240DE1963B3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139008Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:56.514{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64705-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120758Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:59.816{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED0F712A94C0103FD21652AF222D77E4,SHA256=E91C87F465E17DB8690077416B7A8E6A63E9463C58582AB0D021BF7B95F7BE74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139010Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:43:59.458{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E0B1CF9020459F7ECB99BF2C67E4001E,SHA256=278244D277C76350441CA7B7D505ACA78DAD397BEF828A911A3E66E5042196BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120760Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:00.988{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C2FB481428599C5A6EA95C867D2CEE77,SHA256=9C53E2088C641849F65A0EBB0ECB90983013E4D008C74F59A26ED909C246BC31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139013Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:00.464{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0BDC4D43C14B0E2444361006A910C3B,SHA256=549F249BE06BF79E73C0736E32538DE82624F1082256731DEC09ABCABFF2CA83,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120759Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:43:57.700{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50604-false10.0.1.12-8000- 11241100x8000000000000000139012Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.localEXE2021-10-06 08:44:00.364{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXEC:\Temp\sdelete.exe2021-10-06 08:44:00.364 10341000x8000000000000000139011Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:00.335{6EDEAD03-5391-615D-0801-00000000FC01}43684476C:\Windows\system32\taskhostw.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000120762Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:01.990{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=825555CA6A5BBE49A5B1BF787A8F9FC2,SHA256=2176CEF5C5BD3BB22B7DF030983C86676D168606D171575AF9455E461DBBAABF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139014Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:01.472{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C5F80A84392F815FE8774D56ADA64585,SHA256=E22F39BC530EC5CCED86973DA414AA592B7E28396116CAC93D219636AE45DC45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120761Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:01.570{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-072MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139016Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:02.510{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+a16469|C:\Program Files\Mozilla Firefox\xul.dll+a1638a|C:\Program Files\Mozilla Firefox\xul.dll+a15f79|C:\Program Files\Mozilla Firefox\xul.dll+a120ff|C:\Program Files\Mozilla Firefox\xul.dll+a1240c|C:\Program Files\Mozilla Firefox\xul.dll+b5f98a|C:\Program Files\Mozilla Firefox\xul.dll+2dbf19|C:\Program Files\Mozilla Firefox\xul.dll+2dbe24|C:\Program Files\Mozilla Firefox\xul.dll+2dbc0d|C:\Program Files\Mozilla Firefox\xul.dll+2dbaa4|C:\Program Files\Mozilla Firefox\xul.dll+bab3e3|C:\Program Files\Mozilla Firefox\xul.dll+bac0d1|C:\Program Files\Mozilla Firefox\xul.dll+bab0dd|C:\Program Files\Mozilla Firefox\xul.dll+bab032|C:\Program Files\Mozilla Firefox\xul.dll+b7c131|C:\Program Files\Mozilla Firefox\xul.dll+1a25c2a|C:\Program Files\Mozilla Firefox\xul.dll+b820d4|C:\Program Files\Mozilla Firefox\xul.dll+fdaf04|C:\Program Files\Mozilla Firefox\xul.dll+f46937|C:\Program Files\Mozilla Firefox\xul.dll+2cea6a 23542300x8000000000000000139015Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:02.488{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=466DAE3C120BCC7C32F9F59B4AB4530B,SHA256=933AC66A500D6D41BE90FBD183A2DD7CE0FFD4B5992A4450385B5B8E1885BC2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120763Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:02.568{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-073MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139018Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:03.894{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139017Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:03.492{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E88123A87D88A2FB183866287EC860C9,SHA256=6CDE2B643EA27355274271C636A6AA91D2983B7DAB553978DFF2845120011C4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120764Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:03.193{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C771E73C315232D021696A26800EA80E,SHA256=903D23926CBDB6E5CF2B7481E7BD8F88F88BEDA0060C61C34B5D1B5F199CCBD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139021Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:04.972{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139020Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:04.712{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=823C57DC45A565C04DCB96705D1475FC,SHA256=F74B7A045C9A0421EB0C0CD2C92A520D3AB1FB0F936E826A2A3581FE1F000BA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120765Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:04.208{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2DF8128461692D0C72EDC04EF342F0A,SHA256=DF6E7F932E92E6619AB7B34FB3F5AD7D3968AFD9E68F40D5584A07C7D71C787F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139019Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:02.514{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64706-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000120767Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:03.576{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50605-false10.0.1.12-8000- 23542300x8000000000000000120766Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:05.239{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C760C6FE21546E954AF2E87673EDE36C,SHA256=591084C65AC5A54B36DB609E600C0BFDDD81D196977703584CB0461A0CDAA225,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139022Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:05.722{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ACD952F998CBA30ECD7DE2D1B7157828,SHA256=E20A7C76FD6A7B4A6E5B0C18F1E563B24192370016337BEC377F73D66CC2FD48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139023Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:06.738{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=154AD8E47E1928AE29EC25DEBFB1CD46,SHA256=CA4E6A8B4598A65529C6CCF94A5AED4DE31D7C4FD09436E0E11E127D6C92EA32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120768Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:06.333{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8D47E305A5E0776C71268E2EDD49EA2,SHA256=D07331DF6C9DF80F9B82497F707AEB8629C403C9B513418B7EAFA493C1D2F6BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139025Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:07.778{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=67F5D982FA7A9397FC348FDDF725DC35,SHA256=8581E6B83BC200351E9F424EC727CC9762F35881BB713A815AE8873C98B9B915,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120769Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:07.364{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B1C5605373D57757BCEC1984527586C4,SHA256=4133A90E2A7D84A6246C1A7C60767289B49116FA6CFBEB899AB54A49EA733E04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139024Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:07.049{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=CCB1F2BD74C359E2F1F0099416D8BA0C,SHA256=614ED8002DD53B4E7CDEBEBC28F77C1E45F7B48CC99A0654BCA14F6CC669238F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139026Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:08.787{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CEADDC67890D7709EE1897C1BB7A57C,SHA256=0007C641B89CB1F04091701832C256765EF2BA737D79DD37FCD5998F906C4237,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000120772Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:44:08.833{49C67628-5043-615D-1500-00000000FD01}1088C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\W32Time\Config\LastKnownGoodTimeQWORD (0x01d7ba8e-0x54033213) 23542300x8000000000000000120771Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:08.817{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=1EFEE2390D49AF5978635F71CF6BE078,SHA256=50F48E196ACA845465F27A0AB08C474EB893A182A1905A81B0B06EE2ABA45BB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120770Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:08.427{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7C13D4AB76FE61708072AA2DED055EF,SHA256=581D33894BAF8685FBFB72654166CAB0B9904E354D5195FCD7918937EE60930E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139027Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:09.842{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC53C0A8C0F47ED770C6C3EEAF32E0C4,SHA256=FC8D3C5F8ADBEFA0067733BF14DC8C022589B10DBD10FC265BAB5EBEE1F182B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120773Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:09.536{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E02B5FD244F61FCF66E0E6346C5D6C13,SHA256=58A6194FA4407AB939C95A52829D45E985F789B3132013EA5EAD6C21AE4A5218,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139029Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:10.920{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7820C47353E760BB5F177C900E35D31,SHA256=1F81FC55E5EF2806CC73CE58CB9709F9386EE555A9A54958F19FB922BDE0BD99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120776Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:10.567{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=918AA9CC93BE1171BE266DFB0B14B43D,SHA256=02DC487C62465DB5032C7D01E96186C80ECFDF2BAB0573A5F7E784814C574EF0,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139028Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:08.335{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64707-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000120775Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:08.592{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50606-false10.0.1.12-8000- 354300x8000000000000000120774Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:08.341{49C67628-5043-615D-1500-00000000FD01}1088C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal123ntpfalse169.254.169.123-123ntp 23542300x8000000000000000139030Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:11.929{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89FC06E8757EDCF349B8A2F8FBDBD80D,SHA256=CA0404904D8846D1CE815A68825CA4E88C8E69BE2E6FD1EA48DB2CC2A736C78D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120777Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:11.595{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E706CC6313A1025EF44BE29A6C79E3F,SHA256=9045A4BB78C9D87348ABAA81F914C2F28ED4627AB24C60E45B5C9327BC725E5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139032Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:12.961{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6F4450F6A86B31EC02D12DFF6908F80,SHA256=F9E259738D5F111CBB0284DB1FE28958CBFD3F52F1579EFA4568CCAB92A6B964,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120781Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:10.945{49C67628-5046-615D-3A00-00000000FD01}2724C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50609-false169.254.169.254-80http 354300x8000000000000000120780Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:10.906{49C67628-5046-615D-3A00-00000000FD01}2724C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50608-false169.254.169.254-80http 354300x8000000000000000120779Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:10.905{49C67628-5046-615D-3A00-00000000FD01}2724C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50607-false169.254.169.254-80http 23542300x8000000000000000120778Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:12.626{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAA4029F25A504F8E4F9BB527EB2442D,SHA256=070804F47C075C2536A92B14DA94B13A8D7F221FC5CD00048E163A1FDCFE55D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139031Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:12.318{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-072MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139034Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:13.986{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D61F773D4F9D0C02BE6CB9D9731A976,SHA256=D797B02C39F0780BD68D83CE022DCC9EC475E45B9BFBD0F7403D1038DCA98FA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120783Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:13.704{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=32640F7CA1B25EE36D11A8D59A3A23A2,SHA256=22F9EE8AE78E59C5EB705BB1A9482A5C2D841723D3693B8A088B0DCE34701330,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120782Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:11.039{49C67628-5046-615D-3A00-00000000FD01}2724C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50610-false169.254.169.254-80http 23542300x8000000000000000139033Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:13.318{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-073MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139035Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:14.992{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE9C20C8669EC72A6C4003A63EA3B97D,SHA256=6FC0A55D66B87E4B5CA0F9B2ABC723E67C0701E86CC73742CD0F0B0BB25CEA94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120784Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:14.782{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=388C7142D9828DC28226CD9857974BD6,SHA256=46A5273602E181E1F413415DE8AE75D501C764E4A7958C569E3BDAE1FEEBAA32,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120785Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:15.813{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9190EB9F7DCBAFA6E25C43956112653,SHA256=1BE99DD053B243CF4A602BF564687DF22C5E142C9916039592214643F9B617EC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139036Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:13.407{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64708-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000120786Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:16.829{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C722FF9B79AF17E2A0C97DC2E5C3D26D,SHA256=0D5AE54A546D9993A925E8C1B36123DA04B6F7A37E2AF47110076505D7575B2B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139041Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:16.782{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139040Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:16.781{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139039Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:16.780{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139038Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:16.779{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2C00-00000000FC01}3052C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000139037Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:16.001{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9D58C6DEB1535E3955FCFB117A0A2C9,SHA256=084C08B03277416A7344E99DDA22CDF3EF8E105A69B11F4358A959C9AF2353F2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120788Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:14.572{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50611-false10.0.1.12-8000- 23542300x8000000000000000120787Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:17.844{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F1036EC313EDD7D3B83F5C090BD4872,SHA256=80ED8EFDE11466D88C2C1D2EF62D8CFE900F62592EC0A99601B10F71FEEC9DA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139044Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:17.216{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=49DD7F663B8CC6ED1B6E2E75F1B144F6,SHA256=B5E574C8509F4A771FE2241B407661EFE02224325A67F40A3B75E63A4E75D05C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139043Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:17.216{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34DC6639488E9118FB3D448662569063,SHA256=25221B4297B096D083605C6E8644E406ACBBC41AEE6C1AFC1A4EE5EE3D61CE3E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139042Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:17.216{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=36BC4480F5262729F41FACAD2333339C,SHA256=C6CD2779D25C5C62A6EFC4BC314A43673A76E990A9F38D4EB9ECAD78F620C771,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120789Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:18.844{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47F0DDD892BCFD5FDB5D4C867E8667B0,SHA256=4F80C444DE7F291117193C504B78859F216D1A5A2F29B52A5C516FB45B99AE0E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139045Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:18.315{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38BB71D367CE3CD3C426F39B0F53DD7A,SHA256=411686F51342D7EFA21DEA5A9AB5748923969C87248A4403E07E363EAFAB44A8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120803Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:19.985{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61E3-615D-A302-00000000FD01}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120802Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:19.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120801Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:19.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120800Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:19.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120799Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:19.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120798Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:19.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120797Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:19.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120796Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:19.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120795Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:19.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120794Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:19.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120793Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:19.985{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-61E3-615D-A302-00000000FD01}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120792Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:19.985{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61E3-615D-A302-00000000FD01}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120791Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:19.986{49C67628-61E3-615D-A302-00000000FD01}2348C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120790Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:19.860{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64AF203E94FA29A3EF8E1F478606908A,SHA256=669EBF7EB03A5FEFC887480073132BDB35E7BE631B30563DC96D58C84FEDBC30,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139047Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:19.330{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35BFDECDFBBD7F8E2807C932FE45B54E,SHA256=D39DAFCBAF9C82E612B3A82A7970471D94D2079A82AE3DAB582B7BAE2855E119,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139046Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:19.015{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139077Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:18.489{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64710-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000139076Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:18.327{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64709-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 10341000x8000000000000000139075Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.480{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139074Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.480{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139073Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.480{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139072Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.480{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139071Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.479{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139070Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.479{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139069Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.479{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139068Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.479{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139067Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.479{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139066Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.479{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139065Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.479{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139064Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.479{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139063Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.479{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139062Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.479{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139061Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.479{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139060Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.479{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139059Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.479{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139058Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.478{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139057Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.478{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139056Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.478{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139055Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.478{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139054Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.478{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139053Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.478{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139052Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.478{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5392-615D-1201-00000000FC01}3032C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139051Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.478{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139050Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.478{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139049Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.478{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5393-615D-1301-00000000FC01}4456C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+c604|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000139048Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.430{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=432C0CF4DB4472DECA90D209C1D711FB,SHA256=FE12445A832C09CE3BA69F1608C52321C70082F788DE4D1EDAD3DD54534CDBAB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120817Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:20.657{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61E4-615D-A402-00000000FD01}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120816Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:20.657{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120815Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:20.657{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120814Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:20.657{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120813Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:20.657{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120812Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:20.657{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120811Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:20.657{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120810Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:20.657{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120809Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:20.657{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120808Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:20.657{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120807Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:20.657{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-61E4-615D-A402-00000000FD01}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120806Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:20.657{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61E4-615D-A402-00000000FD01}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120805Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:20.657{49C67628-61E4-615D-A402-00000000FD01}2576C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000120804Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:20.110{49C67628-61E3-615D-A302-00000000FD01}23482356C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000139079Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:21.629{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=797E9E612788085AB6ABBA7A1FB5FE55,SHA256=32DC3BECEA2FE86E725304C367B914751D873C409AE6C182090EF4C31594FB25,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139078Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:20.480{6EDEAD03-5041-615D-0D00-00000000FC01}884908C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+c72a|c:\windows\system32\rpcss.dll+dade|c:\windows\system32\rpcss.dll+a6fb|c:\windows\system32\rpcss.dll+43a41|c:\windows\system32\rpcss.dll+43b72|c:\windows\system32\rpcss.dll+43eaf|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000120820Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:21.188{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1D5D28587F0E70564C1B40A5C2F36463,SHA256=0EE73A91757CF8B851F6B28EBBB223C232F8241187DCF43F9C9205A2F02EE583,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120819Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:21.188{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CBB3EB0C2105573C347AB26735C49727,SHA256=911DC40518F51396BD390081A83DE0E5E775A49EAA40406A6B5CE0153B784334,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120818Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:21.188{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F8FB21113CCA952C03F02142D88842E,SHA256=40142B55A4816345605876E5CC36BC69BC6638E03A27B6D133EBC6485154CE7B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139080Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:22.698{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=968B898130E341BA5252336FD7E4DD21,SHA256=234891E58F512B1E1A351D71305537F8C452E333EEB04A8F5C1890230184899C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120835Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:20.572{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50612-false10.0.1.12-8000- 10341000x8000000000000000120834Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:22.328{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61E6-615D-A502-00000000FD01}2404C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120833Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:22.328{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120832Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:22.328{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120831Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:22.328{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120830Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:22.328{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120829Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:22.328{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120828Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:22.328{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120827Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:22.328{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120826Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:22.328{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120825Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:22.328{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120824Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:22.328{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-61E6-615D-A502-00000000FD01}2404C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120823Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:22.328{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61E6-615D-A502-00000000FD01}2404C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120822Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:22.329{49C67628-61E6-615D-A502-00000000FD01}2404C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120821Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:22.266{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD985DFA98D32D109D4988389618F81F,SHA256=551ACCAA90FB46BCFF969EEE180D58F7B7FED89CFA7E3B16E96927DF42D02736,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139085Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:21.672{6EDEAD03-5051-615D-4400-00000000FC01}3668C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64714-false169.254.169.254-80http 354300x8000000000000000139084Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:21.579{6EDEAD03-5051-615D-4400-00000000FC01}3668C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64713-false169.254.169.254-80http 354300x8000000000000000139083Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:21.526{6EDEAD03-5051-615D-4400-00000000FC01}3668C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64712-false169.254.169.254-80http 354300x8000000000000000139082Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:21.525{6EDEAD03-5051-615D-4400-00000000FC01}3668C:\Program Files\Amazon\SSM\ssm-agent-worker.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64711-false169.254.169.254-80http 23542300x8000000000000000139081Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:23.713{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D436B6998E0CBFF6702F09ED15E526E,SHA256=53F6F211AB8115379D5B4300500A173CB8BD7F999FA26E1742B400F48D5AE003,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120851Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:23.578{49C67628-61E7-615D-A602-00000000FD01}3004576C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000120850Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:23.563{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1D5D28587F0E70564C1B40A5C2F36463,SHA256=0EE73A91757CF8B851F6B28EBBB223C232F8241187DCF43F9C9205A2F02EE583,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120849Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:23.438{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61E7-615D-A602-00000000FD01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120848Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:23.438{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120847Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:23.438{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120846Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:23.438{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120845Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:23.438{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120844Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:23.438{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120843Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:23.438{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120842Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:23.438{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120841Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:23.438{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120840Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:23.438{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120839Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:23.438{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-61E7-615D-A602-00000000FD01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120838Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:23.438{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61E7-615D-A602-00000000FD01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120837Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:23.438{49C67628-61E7-615D-A602-00000000FD01}3004C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120836Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:23.281{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41B61D1D5922CB1A1430B920DF592044,SHA256=58FE21FBF816FA375FA412FA89115D5D5D2892EC2CD3333F81667CD34CDA6AE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139086Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:24.812{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A6E3A4ADE2C8089FF365A469F4B0577,SHA256=5EBFDF9B8AA3E62963BB2D0D8F6442B2837A1B866954E3B35C79C5FB6FD6ED0F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120879Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.985{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61E8-615D-A802-00000000FD01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120878Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120877Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120876Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120875Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120874Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120873Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120872Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120871Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120870Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.985{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120869Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.985{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-61E8-615D-A802-00000000FD01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120868Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.985{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61E8-615D-A802-00000000FD01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120867Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.985{49C67628-61E8-615D-A802-00000000FD01}3896C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120866Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.735{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=66BD4980149C56DA9AA03AD4372701A1,SHA256=AEEBAB366988CA3177F75A4064FC7BD4C4F015AC309571225ACDB2DE223C99C1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120865Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.469{49C67628-61E8-615D-A702-00000000FD01}1356740C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120864Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.313{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61E8-615D-A702-00000000FD01}1356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120863Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.313{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120862Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.313{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120861Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.313{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120860Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.313{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120859Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.313{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120858Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.313{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120857Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.313{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120856Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.313{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120855Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.313{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120854Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.313{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-61E8-615D-A702-00000000FD01}1356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120853Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.313{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61E8-615D-A702-00000000FD01}1356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120852Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:24.313{49C67628-61E8-615D-A702-00000000FD01}1356C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000139087Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:25.827{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0EBD94B3AE2BB527C50859EE2B450B2F,SHA256=1035D85D5E32AFB2F9CC154AF3B5962D5C5ECFF61A2341725FCD7C77AF0BAB7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120882Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:25.500{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1938E16FEFBBBE4B84DD293CD012BC4B,SHA256=7D23953F12C022E6C81DCF8B91BA03D239EB46D5CEB07D2D4988E008CC989598,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120881Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:25.360{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=633EFED2EDA90E40397D4867E053D58F,SHA256=DF401CD429F9E4A762511E97EB99B14A2D8EA5E8A17AE1F09EE6E22E7E1115E7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120880Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:25.141{49C67628-61E8-615D-A802-00000000FD01}3896332C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000139088Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:26.827{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AADAACBFBDF8105B8B279AC28D531AD7,SHA256=B2643A7CEB2D5B50FD2D41EDB3B1BAF9923BAA8A1DE45E4A81A1E0B5ADE4A8A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120883Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:26.500{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6273B0672C4D32B4AC6FE819B63A692B,SHA256=74968DC61A4D5F2AD6D8AABBE49DB1F98074E9DC68AE8798ED2CAFB2575CEB2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139090Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:27.842{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B851788CDB83F3690898C992375A7200,SHA256=B0647C5D67159AC40B27C33301843D98DEB55BBB9C5F118807D1B91627B2794D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120898Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:25.665{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50613-false10.0.1.12-8000- 23542300x8000000000000000120897Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:27.516{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6EDA91430D12E40E45473F94948E1404,SHA256=398AC262382AEE345076896330EF742C97DCE2E75C6CE5FFB903FA86FE12C8CA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139089Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:24.455{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64715-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000120896Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:27.031{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-61EB-615D-A902-00000000FD01}3128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120895Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:27.031{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120894Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:27.031{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120893Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:27.031{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120892Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:27.031{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120891Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:27.031{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120890Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:27.031{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120889Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:27.031{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120888Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:27.031{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120887Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:27.031{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120886Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:27.031{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-61EB-615D-A902-00000000FD01}3128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120885Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:27.031{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-61EB-615D-A902-00000000FD01}3128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120884Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:27.032{49C67628-61EB-615D-A902-00000000FD01}3128C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000139091Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:28.843{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C155B2A118F42A07A1FE7F64F616BBAC,SHA256=8E1B8270CF417D623DE70B5F978EE054643C7DC8AD2B731426E06CF2CAE36B98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120900Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:28.532{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FD379036A7D1050F565440E29F3A1FDC,SHA256=C15B330B518576A66D778535BF75E9880D6A85B27DD2F38D8B9010FF5AD0B022,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120899Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:28.094{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=80B9DF63A4A7B7EA7A738848B0810723,SHA256=CB4F9106CE6CA18F83203C36F2761DE10B6871A343819C5917D5919575D1A464,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139098Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:29.877{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=28D8F260324887D0B5D16246FF0E1728,SHA256=15759815DE9C91C655CF0ECBB1FB53F8E72452112DA79022B3B3C2E0344594D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120901Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:29.562{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FAA6C749568457C3F6919EAB7B26C580,SHA256=B6DD85EC109B4C3A57322C806F23CC3407D5A8F5D2E98BF6DED6274920856AD5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139097Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:29.426{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=9A66055B0C74CC350222794F94E94E8B,SHA256=99D5D14B35F10CEB38F4810EA52A585840530E2601579FF78794AD609701AC5D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139096Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:29.426{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=10FE55670B1DF8C15A4536E336D528B0,SHA256=FEC2A10886326886E917DA02510E4E9A359988012894BF63D9D9D55DCDEC2B4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139095Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:29.426{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=C194902C8D6E6353E4B7F33F9B050674,SHA256=8C784815241555D2F48E87D4D9C5D8AF15C9D475DE5C3D59E7F181D028AA9441,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139094Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:29.426{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=BA2A4D3AABAE4A73D81417DD2EF50E2B,SHA256=EEE871C42D8FA02077F8383ED9FED69EBFE85A59725D16AF3DD0180EDECE7F78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139093Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:29.426{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=0155F2933DF15A7D4D962B7AE1A695F0,SHA256=D322017BC738438FC5444CC92B0E7EA438196F555FFE1366F00428F713046C3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139092Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:29.426{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=0C359B1F7F8FEC07AA4E3879AF164215,SHA256=B9E5736B88A12778CA0CF36CE6D17F90C8FC64A71ECEDCCB3ED3F12C57C7EA4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139099Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:30.898{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F337B4F00C020E85215D9E991401FFE,SHA256=5C8CEB7D118DA7082B222B32C34AF2A073942796B2538E3086F47B7D3146B17F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120902Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:30.587{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3CA78BFE9397698D4069DD81F594B2C7,SHA256=1C5AED5DCB14AF511D831765A682B80B552B8ED3B63C23FB03EA7D8932E25879,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139116Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.913{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9539161A2DD844AA71939F40A2A45C98,SHA256=CA3B06CE1C13A422B38176C19F17708AC4EE6EA2893CC628F1D374FA50FADE31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120903Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:31.806{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C3D6E4FD6DA29B2BA6FAE7E4FA654730,SHA256=F4400D6B0BCBA69D5B42122B36E6A1CD3E57D5376615ABFCEDDFAD10A2B3C3FD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139115Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.897{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-61EF-615D-E602-00000000FC01}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139114Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.897{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139113Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.897{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139112Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.897{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139111Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.897{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139110Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.897{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-61EF-615D-E602-00000000FC01}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139109Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.897{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-61EF-615D-E602-00000000FC01}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000139108Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.898{6EDEAD03-61EF-615D-E602-00000000FC01}3848C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000139107Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.213{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-61EF-615D-E502-00000000FC01}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139106Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.213{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139105Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.213{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139104Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.213{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139103Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.213{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139102Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.213{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-61EF-615D-E502-00000000FC01}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139101Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.213{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-61EF-615D-E502-00000000FC01}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000139100Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:31.215{6EDEAD03-61EF-615D-E502-00000000FC01}4976C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120904Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:32.837{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=954A1AEDCFDB793C63CCA3DDD5B64B87,SHA256=89AB97164EF6F02E4FCD2B1CA5ED148FA5957C501A3651B90D3131C67B35F746,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139120Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:32.229{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C559ED9E9242D05F47530978319C83E1,SHA256=453146CE89BCA83D686A1197542C500BBF6B82BB91226B8B4B60D70C2E7BD691,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139119Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:32.229{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=49DD7F663B8CC6ED1B6E2E75F1B144F6,SHA256=B5E574C8509F4A771FE2241B407661EFE02224325A67F40A3B75E63A4E75D05C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139118Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:32.160{6EDEAD03-5041-615D-0D00-00000000FC01}8845740C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139117Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:32.082{6EDEAD03-61EF-615D-E602-00000000FC01}38485340C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139138Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.753{6EDEAD03-5041-615D-0D00-00000000FC01}8845740C:\Windows\system32\svchost.exe{6EDEAD03-5391-615D-0301-00000000FC01}4184C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139137Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.753{6EDEAD03-5041-615D-0D00-00000000FC01}8845740C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-0C00-00000000FC01}828C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139136Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.753{6EDEAD03-5041-615D-0D00-00000000FC01}8845740C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139135Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.753{6EDEAD03-5041-615D-0D00-00000000FC01}8845740C:\Windows\system32\svchost.exe{6EDEAD03-5041-615D-1000-00000000FC01}376C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+fa21|c:\windows\system32\rpcss.dll+d6ee|c:\windows\system32\rpcss.dll+b877|c:\windows\system32\rpcss.dll+85f7|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139134Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.497{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139133Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.497{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139132Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.497{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139131Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.497{6EDEAD03-61B3-615D-D602-00000000FC01}18925112C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+37e70|C:\Program Files\Mozilla Firefox\firefox.exe+37d66|C:\Program Files\Mozilla Firefox\firefox.exe+49340|C:\Program Files\Mozilla Firefox\firefox.exe+4903c|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000139130Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:30.504{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64716-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000139129Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.128{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-61F1-615D-E702-00000000FC01}4032C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139128Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.128{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139127Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.128{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139126Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.128{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139125Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.128{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139124Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.128{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-61F1-615D-E702-00000000FC01}4032C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139123Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.128{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-61F1-615D-E702-00000000FC01}4032C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000139122Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.129{6EDEAD03-61F1-615D-E702-00000000FC01}4032C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000139121Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.059{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=72A8D5602D80301A2ED93D584F1545A0,SHA256=CCE82C112E269CF956029885C9ABA5104DD1CD9A51C38B598A15A5658AE4ADDE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120905Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:30.783{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50614-false10.0.1.12-8000- 10341000x8000000000000000139160Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:34.549{6EDEAD03-61F2-615D-E802-00000000FC01}10003412C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000139159Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:32.825{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64718-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000139158Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:32.825{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64718-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000139157Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:32.641{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54505- 354300x8000000000000000139156Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:32.639{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56798- 354300x8000000000000000139155Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:32.616{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64717-false172.217.23.106mil04s23-in-f106.1e100.net443https 354300x8000000000000000139154Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:32.616{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54103- 354300x8000000000000000139153Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:32.615{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56490- 354300x8000000000000000139152Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:32.613{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-676.attackrange.local51140-false10.0.0.2ip-10-0-0-2.eu-central-1.compute.internal53domain 354300x8000000000000000139151Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:32.613{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54812- 354300x8000000000000000139150Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:32.613{6EDEAD03-5041-615D-1300-00000000FC01}932C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEudptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54812-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domain 10341000x8000000000000000139149Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:34.368{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-61F2-615D-E802-00000000FC01}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139148Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:34.366{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139147Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:34.366{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139146Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:34.365{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139145Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:34.365{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-61F2-615D-E802-00000000FC01}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139144Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:34.365{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139143Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:34.365{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-61F2-615D-E802-00000000FC01}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000139142Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:34.365{6EDEAD03-61F2-615D-E802-00000000FC01}1000C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000139141Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:34.135{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C559ED9E9242D05F47530978319C83E1,SHA256=453146CE89BCA83D686A1197542C500BBF6B82BB91226B8B4B60D70C2E7BD691,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139140Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:34.083{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E07D774417C7BE14520A93E40A1FF1A0,SHA256=AB23E28699E7647B9DDEE3D13938BE3EFE42D6A6D298D0F7A38E9052A9EBEBD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120906Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:34.056{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57F30092455C5CAD9C601F9741651C01,SHA256=DD0814AD33429438EC8CF79904AE344EE545A73A057DE956D1834104C9C43E14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139139Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:34.039{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120907Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:35.071{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=360EAAEF31E663DB6A3479815892D122,SHA256=73AC317C7C018A3030A148745EBDE7B63711A54E21E0E8B7BE28A332C1C431DE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139181Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.770{6EDEAD03-61F3-615D-EA02-00000000FC01}59441888C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139180Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.586{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-61F3-615D-EA02-00000000FC01}5944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139179Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.582{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139178Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.582{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139177Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.582{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139176Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.582{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139175Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.581{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-61F3-615D-EA02-00000000FC01}5944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139174Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.580{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-61F3-615D-EA02-00000000FC01}5944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000139173Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.581{6EDEAD03-61F3-615D-EA02-00000000FC01}5944C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000139172Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.579{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C535E08785CFE3DFA30FEED7056D984,SHA256=032B6704FD46C5B21E7C5AEC4EF7ED9E89C4005C64A0BAD00C8C0585DC45A0C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139171Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.579{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A4550C46320C33AE64BB385E28D80993,SHA256=24D0429E77179C7B2DD30CECF5362054EBE78E7E56B13E1A701C178EDACA576B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139170Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:32.967{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local54506-false172.217.23.106mil04s23-in-f106.1e100.net443https 10341000x8000000000000000139169Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.175{6EDEAD03-61F3-615D-E902-00000000FC01}40445056C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139168Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.018{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-61F3-615D-E902-00000000FC01}4044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139167Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.016{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139166Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.016{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139165Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.015{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139164Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.015{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139163Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.015{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-61F3-615D-E902-00000000FC01}4044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139162Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.015{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-61F3-615D-E902-00000000FC01}4044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000139161Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.015{6EDEAD03-61F3-615D-E902-00000000FC01}4044C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000139221Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.606{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\social-tracking-protection-twitter-digest256.vlpsetMD5=B50CF628E0082A7840D84D0CBE1CAD48,SHA256=544DF79BCEF9DC8E082021E342C2A1B12CD0B8BDAF3687E0F23785406EDF33AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139220Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.605{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\social-tracking-protection-twitter-digest256.sbstoreMD5=F130C472E963FF3CEED251C65964B927,SHA256=E5D2A5BBE8AA43751EF7F7BC3A817A0963D56272A4C9B6055E60929606186CE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139219Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.604{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\social-tracking-protection-linkedin-digest256.vlpsetMD5=5F93E0F827909390D257EBB27C77F392,SHA256=5BCB684F3EE3B2EC2F4945655FBEF281C487399D6BF90451647DB1761715D4C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139218Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.603{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\social-tracking-protection-linkedin-digest256.sbstoreMD5=9275B832091D9E3BFE50898A3BE022B5,SHA256=38C52A5435B625083000A054489B95E033F7B352377510DF668CEE749DE5803E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139217Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.603{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\social-tracking-protection-facebook-digest256.vlpsetMD5=8AC8A05028631170937EDA4CF0E0A35A,SHA256=456AB2C0E4E117D62DC529362EB22C725D410098868442729ADE5E4FF0822E78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139216Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.601{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=992EBE664204A462E9FFFE2E14EC7123,SHA256=22A2B0E457D982A0518681A0FA6B29A20430EBB6B8C568AD01A587D5DB15587C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139215Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.601{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\social-tracking-protection-facebook-digest256.sbstoreMD5=7BBA9B83F0F213C5A723209D4C9962CE,SHA256=E1B8E7DEB0F34EEB6BF4D10E47E734A1FE829C365DF360B98646D7E11F2DD4C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139214Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.600{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\social-track-digest256.vlpsetMD5=16BF2AA546411BA25DC80EA288D47143,SHA256=524EC56C023155C7BE4C84D5AEC4FE2D85DFBAB3C2FA27F82BCD35028D546F83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139213Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.599{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\social-track-digest256.sbstoreMD5=69EE5B232870704AFCC0E8957AA42A0F,SHA256=EC8DF5279022B68C0B542EC1688889374754106DFADBF7CAF8337E3F98865941,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139212Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.598{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\mozstd-trackwhite-digest256.vlpsetMD5=83BCEF27E5B36115C2ADBA73CE9A7D2B,SHA256=3F68B0FEFBD484094D6517761B2DC13C6A430DDE3B44FA6CCACA3E39052D2AAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139211Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.595{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\mozstd-trackwhite-digest256.sbstoreMD5=177BC07ECED26CEBE0441C318BD35BB8,SHA256=2A816C802C006DF75CA86E1497E4CF05DFB0F07DB0CD31C0EC30EDAF92C2DF75,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139210Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.595{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\mozplugin-block-digest256.vlpsetMD5=FCC9C2C9B611A3264B68EBE180EB4248,SHA256=6ECD378A537EEFE350B45CFA353741383F407D99D776BF23155A7825DC5DD2BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139209Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.593{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\mozplugin-block-digest256.sbstoreMD5=519BEB1B01FC355BB388F1F75BE997FD,SHA256=FFE2D3077B81AE6F51B220C1C661B276C823FA67DAD1D64FC5F17249FC54BDC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139208Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.592{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\google-trackwhite-digest256.vlpsetMD5=E54E5B84194EEE15E64D2A03F1136BB7,SHA256=07707B589BE3DBA3BB0BDAC67760A2B180EA3531E9D7976B73E4C1D8DF9DBB1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139207Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.579{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\google-trackwhite-digest256.sbstoreMD5=FEC9BC354A7EE92C6FEEFE63E6B0FA26,SHA256=258EF8E6994A09FFB54BD0D5AFEC97C13C31F2EEFB7FE90A2A4C487C87817519,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139206Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.578{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\except-flashsubdoc-digest256.vlpsetMD5=0C0D67875BD75A0227C02DD8529BA01A,SHA256=614BE0169EC36E67223EB9645A98DA66DBFDE5DFBB89BB064F428AAEABDD9D97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139205Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.578{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\except-flashsubdoc-digest256.sbstoreMD5=22698B4CF784DBBAE2D583F00491D43D,SHA256=3849563088AE0677D61702A1310FDE26DE5DDD846D53037222D3EFE012197BF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139204Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.577{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\except-flashallow-digest256.vlpsetMD5=7194B6BFF691A056852A51E2E06CE8FE,SHA256=CBE2DC6ABFE25BEAD60F4DFAF419FC0F441FF8A8DD4A2FEBF5553BE1CBD90C49,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139203Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.576{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\except-flashallow-digest256.sbstoreMD5=DD0458514C9A922B45DA6A8BEBE47320,SHA256=D27D5B27030F4725249377951BEB89E84A90A0E8241F0D5FD80EA59C1606E761,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139202Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.575{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\except-flash-digest256.vlpsetMD5=C2994D388F8780C87D35C352D9582985,SHA256=7ED09F7D2BD632F70077A4AE4F2BD2F3FB654B03CD72652F51678B0C7D027F25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139201Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.574{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\except-flash-digest256.sbstoreMD5=D5D6B4D59B4AE4E2DE4B40D0DA083571,SHA256=000E3A78C72A210CA3B5417A3CDD294FBCE2A31661601C9D594C75CF2800571C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139200Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.573{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\content-track-digest256.vlpsetMD5=07FF16BA9846838DA27AE094A1B91369,SHA256=DC83AE90504AC11C29876CFC48483976397E899958EE8EDE7F381971A2C2C4B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139199Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.572{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\content-track-digest256.sbstoreMD5=1B9A162CEB3C7BE8393CE348F35A4564,SHA256=2D6B6351BD1B8C2047DA1854D0033EE6C5CD9F1BFE38C5E1A2B82C86AFE8A598,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139198Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.571{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\block-flashsubdoc-digest256.vlpsetMD5=40165280FF1345B5241EC2A9D1DA2AF0,SHA256=F80BDD5341D8B1EE946E344E258EF2D35C3C0BB6B13EB7B3E6A77467DFA8B97F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139197Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.569{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\block-flashsubdoc-digest256.sbstoreMD5=B9556D03AFF392142AD5691D2F867310,SHA256=CFD3909B41C1EE3CBCB8B7D2B1378065E7D3B543FFF1F2FB7A4F25C5FF41722C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139196Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.569{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\block-flash-digest256.vlpsetMD5=130B9AC2BEEC5ADA274561105D81AE36,SHA256=7D99FEC08182A5B95D18D1569EDAA2C60C2AAFBD15A56D8882F22F3B395E6460,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139195Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.568{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\block-flash-digest256.sbstoreMD5=9F6B331AA1E070DCFEED473E76CE56C3,SHA256=7DBBEA2DD387EEB85E1F56E02FC9989ACDE570CD43BFEF2C2A827093BA87DA6D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139194Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.567{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\base-fingerprinting-track-digest256.vlpsetMD5=BF6C363FCFE18836F5B693AC897B03D0,SHA256=3436668289A12D65E3C22BC60B8E2EA8D2D6CF15DF1402FCB3C16DD875D438E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139193Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.566{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\base-fingerprinting-track-digest256.sbstoreMD5=D5F2E2EC2D972EA4E3BD5E52478574EC,SHA256=5A9F549160D35C4F4CCD6CC4EF4B63FF1A8859F8374AEA866A10F61DC2559E58,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139192Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.564{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\base-cryptomining-track-digest256.vlpsetMD5=82E921320B62879B070EBE9D8F1F4256,SHA256=A781BFF04964067CB06EA80DA605A4A2837F7256580693C6DBDCA971D8C9BDB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139191Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.563{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\base-cryptomining-track-digest256.sbstoreMD5=BB9BB51CB484CC5719D210D53CF37762,SHA256=1903A36C25AEB3C61953484ED931ED52AB4A3BD13FCC38046154A6681472D499,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139190Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.563{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\analytics-track-digest256.vlpsetMD5=C18D748EA4EC42607B01F62BD69CFCCA,SHA256=C3D2FA87A01F8DBA161F97959CC08E146AED0F15A3CCBD94B7019A4DBF2A14EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139189Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.562{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\analytics-track-digest256.sbstoreMD5=1FC7B2422CDE492733C09B15532720CD,SHA256=B3924A454B89471C1B26B69C90B4E1FC468B75BE378E7A1646CB1DF30AE59BDE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139188Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.560{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\allow-flashallow-digest256.vlpsetMD5=DE0D88480C24350C59E1E9A3583DE0D1,SHA256=01BA9F0B913E04ED10BD7166796483DD4F72005F249D6EE68B12117BE4B5D3C7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139187Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.559{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\allow-flashallow-digest256.sbstoreMD5=DD0458514C9A922B45DA6A8BEBE47320,SHA256=D27D5B27030F4725249377951BEB89E84A90A0E8241F0D5FD80EA59C1606E761,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139186Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.558{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\ads-track-digest256.vlpsetMD5=10DF08FF9D77ACBF8F2BFB88B4BF1E3E,SHA256=4CC64D82E2EE876BA287302C877554B9D226416AF66CDF9C0350DBB845433881,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139185Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.554{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\safebrowsing-updating\ads-track-digest256.sbstoreMD5=E1E560A4EAE533286AEA5189E628BBCA,SHA256=0E5F9C474D34A165AF58EFB90E76E2CEDAE8A3E4FC29A6D9B9E2CFAEACD88A0F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139184Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.500{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local62054- 354300x8000000000000000139183Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:33.488{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57582- 23542300x8000000000000000139182Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:36.186{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E7504330D744F9ADC1FA5C1303E4D4D,SHA256=19C2174E854AD4C568E3865A11444C9378ABA498E6DBA8E6EC1C66D6AE5F0FFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120908Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:36.087{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C5F0BE26F6AF6D91C381ACB16657093,SHA256=58DBAE1A03DACFCA831CE9442F86BAC39DC649ABEEE9AD4B599AF9985EE0DEFA,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000139235Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:34.963{6EDEAD03-61B3-615D-D602-00000000FC01}1892onedscolprdeus10.eastus.cloudapp.azure.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000139234Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:34.961{6EDEAD03-61B3-615D-D602-00000000FC01}1892onedscolprdeus10.eastus.cloudapp.azure.com052.168.117.169;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000139233Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:37.623{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-61F5-615D-EB02-00000000FC01}2212C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139232Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:37.622{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139231Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:37.622{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139230Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:37.622{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139229Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:37.622{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139228Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:37.622{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-61F5-615D-EB02-00000000FC01}2212C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139227Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:37.621{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-61F5-615D-EB02-00000000FC01}2212C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000139226Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:37.621{6EDEAD03-61F5-615D-EB02-00000000FC01}2212C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000139225Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:37.620{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80AD13D9D57F375B7D01FE050F32C355,SHA256=79A7C7486608BC568A2EDA307A5DAFAD3EBC4CF3A3446237D8E6CED6EC04234F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139224Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:34.961{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61921- 354300x8000000000000000139223Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:34.960{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59644- 23542300x8000000000000000120909Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:37.103{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BEDB4453A0358EA52DBBCD4E8FCBE7F3,SHA256=DCAD2BC8B45A496CBC3E5DA6429A90F0C63438CB044AE7290BD9C08633797AA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139222Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:37.108{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139238Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:38.639{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A144B917E626B14F38F1EF78B7C5403E,SHA256=65B79DCF6C84677E75D66C85885BE3FAAE8F3D017F55EAF0B25C2E62C50858EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139237Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:38.304{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=910288ACF452B15E33A5583B8452040B,SHA256=BB5C654496176CD0A26167028DF02C82E794DED5BAB20A245F128451DC978B2D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139236Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:35.526{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64719-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000120911Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:36.643{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50615-false10.0.1.12-8000- 23542300x8000000000000000120910Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:38.118{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EA1A678C892110B6691F089FF637AA4,SHA256=0E14E6BB7D10189E7C2AFA7B5AA4FDBE620D032306F56973C948B7FE9C3D21EA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120912Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:39.134{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F2AFE9A7BFAD551F5A61B34FB414CF1,SHA256=892EE732831B2FE8AA5AC28DF8D0F9AB88E1A46E4634A6EBEE3F979CB1C7AC28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139239Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:39.306{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71E1F37AA6B082708E56554CCAD67CF1,SHA256=655627B171B1D57C31590BA60F8120F3CDB2D953EDB1C1D9788163E8F2392751,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139243Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:40.337{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06CDE6CEC6D40F67AE28720389DD2E73,SHA256=0770DEE3FA1F98B7FDE699EC81435B86A95E15F0A1F68D9C33FC8FBC40645B02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120913Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:40.149{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=83371592A56B7258537DC27F884A0F0D,SHA256=09653A4D28802000781E229CCE32CE9F4C562AA734988759D4C40865BFE6E97E,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000139242Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:44:40.150{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\8EFF07E0-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_8EFF07E0-0000-0000-0000-100000000000.XML 13241300x8000000000000000139241Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:44:40.146{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Config SourceDWORD (0x00000001) 13241300x8000000000000000139240Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-SetValue2021-10-06 08:44:40.146{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\3921F692-FD43-40E6-838A-1597F7469C61\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_3921F692-FD43-40E6-838A-1597F7469C61.XML 23542300x8000000000000000139251Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:41.389{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=86ADDC5F859F88E0229DD3BF6E0CFD26,SHA256=4A09F3C0F4B8DAF996AE022E95543A8485284A61B7880D718BD7146583A2065D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139250Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:41.348{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A34948D0F13295447ED4F6B0F26C3B3,SHA256=6E04133352474B828A4EF3ECCE46BDE931104CDD6F96FF0E11D561E2DFA4A430,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120915Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:41.165{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5C7777E2786963A7946653D6D400D14,SHA256=F78B8B482C96BF85A1C9B64FB0E18DB78BEAEF68FFEA85718FB7256B7FC73DAA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139249Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:39.485{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64722-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000139248Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:39.485{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64722-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000139247Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:39.477{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64721-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000139246Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:39.477{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64721-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000139245Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:39.460{6EDEAD03-5041-615D-0D00-00000000FC01}884C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64720-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 354300x8000000000000000139244Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:39.460{6EDEAD03-504E-615D-2B00-00000000FC01}2952C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64720-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 10341000x8000000000000000120914Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:41.118{49C67628-5043-615D-1700-00000000FD01}12441708C:\Windows\System32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000139252Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:42.419{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3ECF976B80B06F7E7ADEB5EA7490F25D,SHA256=C61C823270B5E34C05436C473DC3141986EC5927CD20E1B97713C1A3DC141A57,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120919Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:40.634{49C67628-5043-615D-1000-00000000FD01}936C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse47.97.202.7-58534-false10.0.1.15win-host-340.eu-central-1.compute.internal3389ms-wbt-server 23542300x8000000000000000120918Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:42.180{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=50D8420DDE30EDF9EE7551C9983F14AC,SHA256=5FB85F8B11E8869705272B3780EC3E7B144FC7255A7CB19724B15EEDA503816C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120917Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:42.149{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1661D6DC99C1A5352A04B4449D42A9A5,SHA256=3AFDA41B62504CCE94F3AC1821BB50024C651CE0B2653E677D8A8B81C7128B68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120916Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:42.149{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BFA9614FDA3A09EBE3041E3D74B05616,SHA256=61EF29DCA17616803943696AAFF2CEB89C72B12C8E6922348245D2AD19D82DAF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139277Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.824{6EDEAD03-5391-615D-0E01-00000000FC01}48005564C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139276Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.824{6EDEAD03-5391-615D-0E01-00000000FC01}48005564C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139275Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.824{6EDEAD03-5391-615D-0E01-00000000FC01}48005564C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139274Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.817{6EDEAD03-5391-615D-0801-00000000FC01}43684476C:\Windows\system32\taskhostw.exe{6EDEAD03-61FB-615D-ED02-00000000FC01}5128C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139273Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.806{6EDEAD03-5391-615D-0801-00000000FC01}43684476C:\Windows\system32\taskhostw.exe{6EDEAD03-61FB-615D-ED02-00000000FC01}5128C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d812|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139272Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.791{6EDEAD03-5391-615D-0E01-00000000FC01}48002100C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139271Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.790{6EDEAD03-5391-615D-0E01-00000000FC01}48002100C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139270Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.790{6EDEAD03-5391-615D-0E01-00000000FC01}48002100C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139269Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.790{6EDEAD03-5391-615D-0E01-00000000FC01}48002100C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139268Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.772{6EDEAD03-5391-615D-0E01-00000000FC01}48005064C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-ED02-00000000FC01}5128C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139267Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.772{6EDEAD03-5391-615D-0E01-00000000FC01}48005064C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-ED02-00000000FC01}5128C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139266Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.772{6EDEAD03-5391-615D-0E01-00000000FC01}48005064C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-ED02-00000000FC01}5128C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139265Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.772{6EDEAD03-5391-615D-0E01-00000000FC01}48005064C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-ED02-00000000FC01}5128C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139264Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.760{6EDEAD03-5041-615D-1600-00000000FC01}12921948C:\Windows\system32\svchost.exe{6EDEAD03-61FB-615D-ED02-00000000FC01}5128C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139263Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.759{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-61FB-615D-ED02-00000000FC01}5128C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139262Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.751{6EDEAD03-61FB-615D-ED02-00000000FC01}5128368C:\Windows\system32\conhost.exe{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139261Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.732{6EDEAD03-538E-615D-FD00-00000000FC01}1001332C:\Windows\system32\csrss.exe{6EDEAD03-61FB-615D-ED02-00000000FC01}5128C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139260Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.714{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139259Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.713{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139258Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.713{6EDEAD03-538E-615D-FD00-00000000FC01}1001288C:\Windows\system32\csrss.exe{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139257Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.713{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139256Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.713{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139255Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.713{6EDEAD03-5391-615D-0E01-00000000FC01}48005344C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+a909f|C:\Windows\System32\windows.storage.dll+a8d15|C:\Windows\System32\windows.storage.dll+a8806|C:\Windows\System32\windows.storage.dll+a9c78|C:\Windows\System32\windows.storage.dll+a862e|C:\Windows\System32\windows.storage.dll+ab445|C:\Windows\System32\windows.storage.dll+ab7c4|C:\Windows\System32\windows.storage.dll+204ae4|C:\Windows\System32\windows.storage.dll+ad62a|C:\Windows\System32\windows.storage.dll+ad3e2|C:\Windows\System32\SHELL32.dll+3f8bd|C:\Windows\System32\SHELL32.dll+3e456|C:\Windows\System32\SHELL32.dll+801d1|C:\Windows\System32\SHELL32.dll+6716e|C:\Windows\System32\SHELL32.dll+1757a0|C:\Windows\System32\SHELL32.dll+17c27c|C:\Windows\System32\SHELL32.dll+19ea38|C:\Windows\System32\SHELL32.dll+17c416|C:\Windows\system32\explorerframe.dll+13cf7b|C:\Windows\system32\explorerframe.dll+139d07 154100x8000000000000000139254Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.710{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"cmd.exe" /s /k pushd "C:\Temp"C:\Windows\system32\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{6EDEAD03-5391-615D-0E01-00000000FC01}4800C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x8000000000000000139253Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.435{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FFBB777F9F1F726305E559D5939625E6,SHA256=11B6729320200468834EE82DDB289C4CD09B48DF7992D21CF2C95AD7F01974F3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120921Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:41.658{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50616-false10.0.1.12-8000- 23542300x8000000000000000120920Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:43.196{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=180CF0F8F73DF69D239290ECB704D0B4,SHA256=4375CC27BC22E1617247E900D90EB93877334C25EBD59FBF1D7AD864A10D8049,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139282Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:44.752{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCE3023481F9ADC42F787B1C7BCBDCB5,SHA256=C43E1DF1ADFF782FAC13F283A6CB90706133162DF85CAA2BC6AD82C205DD8DA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120923Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:44.368{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120922Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:44.212{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=41A1B91BEDD8EB41830495ECF0BC9600,SHA256=19CF6B68567DDA991D41E384A63ADAEC058C8C0A5AA83CEB1A071B3055491863,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139281Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:44.430{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2F53EB6E825C08027CC3B627FE8FBE14,SHA256=03B90537CAA37B8DD9EC00B66362F611660DEE4B49F3445F2043C3F92BEFDC7C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139280Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:42.159{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.15-57213- 354300x8000000000000000139279Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:41.357{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64723-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000139278Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:41.191{6EDEAD03-5041-615D-0F00-00000000FC01}104C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsefalse47.97.202.7-58546-false10.0.1.14win-dc-676.attackrange.local3389ms-wbt-server 23542300x8000000000000000139283Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:45.756{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FCA6C444A97369A58067DF0BDCE0CBCF,SHA256=4208FBD5085B375CDB1676008375B21568E5EE046E12DACF16C6DF13695AA2E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120924Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:45.212{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0C71BF7A9BF506F572CEF881CD2F533C,SHA256=DFAE0C8E1322C8B42E8DE7BEBB89C799DBEEC9074496C169FD16C0F4181C30C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139285Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:46.785{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=56C345DAAC72E5C4E34B74C4AE1916D6,SHA256=2B0D39F187DC37D3559F5151B1C10327559DD265B86E76CB45B84FBAEFA95AFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120926Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:46.227{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5E81DCF50484BAA363746F12A2FD0172,SHA256=0872E2EB078D6B3167DF5C7778C2871F0A49AC2AC97C7C90911B5917C56C678D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139284Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:43.605{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55939- 354300x8000000000000000120925Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:43.892{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50617-false10.0.1.12-8089- 23542300x8000000000000000139286Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:47.788{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D2069CE2DC58274D516A72AA1E9BEF4,SHA256=132D2103FF852AC807FFA949BBD3CF216F9E1A955C7D5130A2181E4B040A78B8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120927Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:47.243{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE938180DF54D6FD198FF1D42D635EA3,SHA256=A4C8B4831F5652EF0845B0243DFAAF79CDC1C5BAFC8D795F6066F4707EA26797,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139287Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:48.793{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=337A6BBB2E2D73F9BE941F846F9EA326,SHA256=275194FBC9196C4C12C0785D235E42C7FF96EB5A27E87E356270ED5274E0D793,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120928Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:48.258{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2CB588B8C8BE45F16BD609019255313D,SHA256=D9389693B8B8DDA00A21202E21703CA2D6CB1D2320A3E0A5F676286287C74119,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139288Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:49.797{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4EF10159BE72967651BE3A10D350997,SHA256=EA796428E188B563DAB1592B363920E4B8D362D847715D32E7DDF7DCD16C8302,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120929Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:49.274{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48F96F994C6D6F4BA7179B5DCA294432,SHA256=169DEAEB9DB04C761DC26A000740D57CD14771A546FD673A583DA430C548C281,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139290Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:50.803{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7503A5284F195BEECA28A1D9E0146E12,SHA256=E229D1CAE03A83DEA3822796BA2484A8841E317A17C19001D9C260539D686A94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120931Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:50.290{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=909A7C030514A19A86BC239D9E52D8DE,SHA256=ACB20C5D1F3419939B529328EB5B81A6ABF69D2C128AF077C692EF753EDCEDFD,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139289Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:47.350{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64724-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000120930Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:47.627{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50618-false10.0.1.12-8000- 23542300x8000000000000000139291Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:51.827{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC54C66184B385E67ED91B9E9F1D7A0E,SHA256=9483673C3D23CE60D16812C52E2D8C579B802D9B931ADD5A66D8C3A711DE043B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120932Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:51.295{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D0B4772373F0DBA10FAF95282E0B9157,SHA256=0D8DA9EBA7B8E9AC6DDE2CDD0BA1525FF6258E369261B7AE6ABC56B060B59467,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139294Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:52.840{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F2B2845851C253ABBF7D3AC23133C81F,SHA256=FBBB35BBD0A6BBF7161E8E5472DAA0CDDCC76A8BDEA4B4C79B5854E1526EF418,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120933Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:52.311{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF961581079CC047D451BB6A62BE358E,SHA256=9B90E2B4D7EAC53B6E9AEEE27F0F8DCB12C74DD88BB01821DBB77BBDEC84CB64,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139293Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:50.554{6EDEAD03-5024-615D-0100-00000000FC01}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64725-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 354300x8000000000000000139292Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:50.554{6EDEAD03-5024-615D-0100-00000000FC01}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64725-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local445microsoft-ds 23542300x8000000000000000139295Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:53.898{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD2F6A68D3751BBC517A5C32F6E6CF26,SHA256=5E7DBDB657136F47AAED1D8CABB71A8FA0ED9C30BD07351D49DE89C0FCB5713C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120934Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:53.326{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DD63763B577340D7E748E6104D49C4DE,SHA256=C316B3D07E50D28235F58726C3C55173B46674DB2D0BD99237DF42DA94D2CC1A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139298Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:54.904{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82D9CBC9F5A804AFB24FDA5F494091F2,SHA256=AC055B27FD8D0CFDB318D7982AF6E34F1024ED65994D9A3266736F3D956031C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120935Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:54.342{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FC6DBCDE04B6EC6D9C3A82702B44B316,SHA256=7165C56DB68D23187E7D21EAC17565EB8ED83F1E160296A6C11F2A03C83B998F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139297Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:52.521{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64726-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000139296Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:54.494{6EDEAD03-503F-615D-0B00-00000000FC01}6241996C:\Windows\system32\lsass.exe{6EDEAD03-5024-615D-0100-00000000FC01}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+2b3d4|C:\Windows\system32\lsasrv.dll+30485|C:\Windows\system32\lsasrv.dll+2e31b|C:\Windows\system32\lsasrv.dll+2d211|C:\Windows\system32\lsasrv.dll+15ded|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x8000000000000000139301Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:55.937{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A1F3DB1705BFA9FED15C2E393C59916,SHA256=D24185EF0CC1A03E7F762ACD76A96BC430B27A93D6110A4C4D5538E14BF6B37A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120937Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:52.632{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50619-false10.0.1.12-8000- 23542300x8000000000000000120936Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:55.357{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D12E19CA4CB091133344AB3E2EAD3AD2,SHA256=1F867DEB37ABBB1D06753D8668D0E3D33D740E2096DF82D578AD3F2F05919C9F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139300Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:55.600{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=33094A72F57C1AB963194AB771131DA5,SHA256=163B7B0BCD7C328070BF45CEDF4E4282F4E78B9D20F48B47214422937179525F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139299Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:55.598{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=318AC082C67FA3BF2F4119EFD4A41E3A,SHA256=1B0AE353684B14FDF38BAF040CE3E707E389B5AD958BAEE8E071A1CB9EBA9333,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139306Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:56.955{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A9DF5256759BE407D65673EC58FBF3B,SHA256=64702BE4C20ED58DFA704A01ADB3DB68F445A33FECFB052757F6CC4E1CEC2271,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120938Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:56.373{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=358A2CB0FE57D35275B18455FBE42B63,SHA256=73E1CD1A59CF9E432D39B840C97FF08F0835596FBBD9042A89CBA2D87472B291,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139305Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:53.712{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-676.attackrange.local64728-false10.0.1.14win-dc-676.attackrange.local389ldap 354300x8000000000000000139304Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:53.712{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64728-false10.0.1.14win-dc-676.attackrange.local389ldap 354300x8000000000000000139303Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:53.704{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64727-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 354300x8000000000000000139302Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:53.704{6EDEAD03-5041-615D-1600-00000000FC01}1292C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64727-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local389ldap 23542300x8000000000000000120939Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:57.404{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D866C1263ACF0D9D98718FA7D7950DA,SHA256=670637C76547028174D3462F416CCC8892CFE5C50ECB193E13502453C68F6A99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120940Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:58.529{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E8BA3F9F7068223128439FE640401D08,SHA256=C41EA3A6E4E1330BC3FD330CDAB3076A5AE18211A993AE8B817F42F967A65A03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139307Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:58.190{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1771DC5759EE791E1CC5A61B16DFFAB2,SHA256=E4B4155E3C7AAE516B7D4990660E9BCB51740FA897DCF9A667E72C8AC358AEF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120941Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:59.560{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47144301EAA3C6F6844A4DF1415AEC93,SHA256=3D01470AD086C90634B6147E40CA1FA5FCD91F20D0CAF4EA11506061199878BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139308Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:59.203{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A2FFD5DFE3EEA2C4F41DB48025278EF,SHA256=C6428A73AE5A73E7CFF647002E8A705EE4724F29FC0A115605BA0452C567C731,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120943Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:44:58.647{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50620-false10.0.1.12-8000- 23542300x8000000000000000120942Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:00.592{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDF220103B3621F1749BB79133578DCA,SHA256=AE03774830A9C97C8DB6ECDD64DF73885C132E45E4F7AEA07541038A1FB56517,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139309Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:00.205{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C1AEBFCE8FE9E2E86B43177C2D074311,SHA256=ED3C2DBE23226B3F3026E988CBFBBC0C7BD7FA09E84F7C9B045C11ADB0C148F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120954Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:01.779{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75726266F8DB900713FF3425EF1DD418,SHA256=09F644E54DDEBEB1823D49549021E0266D88EF1E52C8D159E94FA86FCD379C4E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139311Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:44:58.425{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64729-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000139310Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.215{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DA406E7F58361C05E1B25F3CC48D38F,SHA256=EFAA51B54F0D4DC5F9D5895884B416CE31A779C01C4B67A4EA5852E933B04841,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000120953Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:45:01.373{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000120952Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:45:01.373{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00461f99) 13241300x8000000000000000120951Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:45:01.373{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7ba86-0x1146d440) 13241300x8000000000000000120950Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:45:01.373{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7ba8e-0x730b3c40) 13241300x8000000000000000120949Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:45:01.373{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7ba96-0xd4cfa440) 13241300x8000000000000000120948Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:45:01.373{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000006) 13241300x8000000000000000120947Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:45:01.373{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x00461f99) 13241300x8000000000000000120946Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:45:01.373{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d7ba86-0x1146d440) 13241300x8000000000000000120945Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:45:01.373{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d7ba8e-0x730b3c40) 13241300x8000000000000000120944Microsoft-Windows-Sysmon/Operationalwin-host-340-SetValue2021-10-06 08:45:01.373{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d7ba96-0xd4cfa440) 23542300x8000000000000000120955Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:02.779{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=198C6C14C7D8640235D82050BB0E752C,SHA256=E85F7D2C55F66F3DA25B8E0C1B5B6691F8EB32AE776272690507DEF79683EEB5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139312Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:02.217{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02FB9F720C6CF3916CDE138445F41A5F,SHA256=A2B174C8A4B92B44F1907938DEAB3CA1944673CD65BB916E77F593E7AB59F015,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120957Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:03.907{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DB89ABC12593B42473B99F9E2A90A5BB,SHA256=8077C9FEB569C35925E9D67B4FCBFE657DFD339ED7328D91A6FC47FAA57C724E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139360Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.602{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local57461- 354300x8000000000000000139359Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.601{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60199- 354300x8000000000000000139358Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.600{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local60425- 354300x8000000000000000139357Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.599{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local62230- 354300x8000000000000000139356Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.595{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56467- 354300x8000000000000000139355Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.594{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local62968- 354300x8000000000000000139354Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.594{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64012- 354300x8000000000000000139353Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.591{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60577- 354300x8000000000000000139352Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.590{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60015- 354300x8000000000000000139351Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.588{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58474- 354300x8000000000000000139350Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.587{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local59567- 354300x8000000000000000139349Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.586{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56085- 354300x8000000000000000139348Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.583{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61724- 354300x8000000000000000139347Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.582{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local60972- 354300x8000000000000000139346Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.582{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64524- 354300x8000000000000000139345Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.580{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local65366- 354300x8000000000000000139344Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.579{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local56365- 354300x8000000000000000139343Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.578{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58668- 354300x8000000000000000139342Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.577{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local60029- 354300x8000000000000000139341Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.577{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55791- 354300x8000000000000000139340Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.575{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local61918- 354300x8000000000000000139339Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.575{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63120- 354300x8000000000000000139338Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.573{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60272- 354300x8000000000000000139337Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.572{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local55644- 354300x8000000000000000139336Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.571{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local62200- 354300x8000000000000000139335Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.570{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local58581- 354300x8000000000000000139334Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.570{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59002- 354300x8000000000000000139333Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.569{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60678- 354300x8000000000000000139332Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.568{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local54103- 354300x8000000000000000139331Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.567{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64330- 354300x8000000000000000139330Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.567{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55000- 354300x8000000000000000139329Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.566{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local64290- 354300x8000000000000000139328Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.565{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local55484- 354300x8000000000000000139327Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.564{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local55838- 354300x8000000000000000139326Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.564{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57545- 354300x8000000000000000139325Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.563{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local60213- 354300x8000000000000000139324Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.562{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61261- 354300x8000000000000000139323Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.561{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local60353- 354300x8000000000000000139322Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.561{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-676.attackrange.local60353-false10.0.1.14win-dc-676.attackrange.local53domain 354300x8000000000000000139321Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.560{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64794- 354300x8000000000000000139320Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.560{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMudptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64794-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domain 354300x8000000000000000139319Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.553{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64731-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local49666- 354300x8000000000000000139318Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.553{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64731-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local49666- 354300x8000000000000000139317Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.552{6EDEAD03-5041-615D-0D00-00000000FC01}884C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64730-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 354300x8000000000000000139316Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.551{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local64730-truefe80:0:0:0:b879:39b3:8bb9:e640win-dc-676.attackrange.local135epmap 23542300x8000000000000000139315Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:03.250{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C485A30704AE3EF3BBBCCC0144E516A9,SHA256=8C7CBC09FB0A52665D6693555328D1B7E5B829D595FB6D985D001EDEEEF71753,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139314Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:03.249{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=33094A72F57C1AB963194AB771131DA5,SHA256=163B7B0BCD7C328070BF45CEDF4E4282F4E78B9D20F48B47214422937179525F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139313Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:03.222{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C636608AE7B52B8BEAFB4DCBEC9493E,SHA256=C291CD51AA437C40CD00441BB1A776F2AF63DC37EE31E7FC7EF906CC3192012C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120956Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:03.098{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-073MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120959Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:04.954{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7227D7CE9C6B8D2B2C15E0D2534C32C,SHA256=E6C3C54A7EE8523A4B9EB93D609626432F54F7210349C4B6817D83305A93283F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139370Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:04.958{6EDEAD03-5041-615D-1600-00000000FC01}12921948C:\Windows\system32\svchost.exe{6EDEAD03-6210-615D-EE02-00000000FC01}924C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139369Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:04.958{6EDEAD03-5041-615D-1600-00000000FC01}12921348C:\Windows\system32\svchost.exe{6EDEAD03-6210-615D-EE02-00000000FC01}924C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139368Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:04.942{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-6210-615D-EE02-00000000FC01}924C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+54c6|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139367Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:04.926{6EDEAD03-538E-615D-FD00-00000000FC01}1001288C:\Windows\system32\csrss.exe{6EDEAD03-6210-615D-EE02-00000000FC01}924C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139366Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:04.926{6EDEAD03-503F-615D-0500-00000000FC01}408424C:\Windows\system32\csrss.exe{6EDEAD03-6210-615D-EE02-00000000FC01}924C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139365Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:04.926{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-6210-615D-EE02-00000000FC01}924C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+366e9|c:\windows\system32\rpcss.dll+3bed2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000139364Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:04.626{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F7A1CB0E786771E47EC62C013AF6AEA,SHA256=63C9835906F8AC1F6BD7C2134B28E58911AF68567C85ECAF3C39B4CE5A44C510,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139363Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.607{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.14win-dc-676.attackrange.local61375- 354300x8000000000000000139362Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.606{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61587- 354300x8000000000000000139361Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:01.605{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58211- 23542300x8000000000000000120958Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:04.095{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-074MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139384Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:05.927{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C485A30704AE3EF3BBBCCC0144E516A9,SHA256=8C7CBC09FB0A52665D6693555328D1B7E5B829D595FB6D985D001EDEEEF71753,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139383Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:05.927{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139382Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:05.811{6EDEAD03-5391-615D-0E01-00000000FC01}48004000C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62f15|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139381Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:05.811{6EDEAD03-5391-615D-0E01-00000000FC01}48004000C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+62e2e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139380Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:05.811{6EDEAD03-5391-615D-0E01-00000000FC01}48004000C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62df7|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+1544df|C:\Windows\System32\windows.storage.dll+15325f|C:\Windows\System32\windows.storage.dll+15620f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139379Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:05.811{6EDEAD03-5391-615D-0E01-00000000FC01}48005064C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-ED02-00000000FC01}5128C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6162f|C:\Windows\System32\SHELL32.dll+62890|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139378Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:05.811{6EDEAD03-5391-615D-0E01-00000000FC01}48005064C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-ED02-00000000FC01}5128C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47bc0|C:\Windows\System32\SHELL32.dll+6284c|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139377Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:05.811{6EDEAD03-5391-615D-0E01-00000000FC01}48005064C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-ED02-00000000FC01}5128C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61884|C:\Windows\System32\SHELL32.dll+62820|C:\Windows\System32\TwinUI.dll+f54e1|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139376Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:05.811{6EDEAD03-5391-615D-0E01-00000000FC01}48005064C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-ED02-00000000FC01}5128C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+f5319|C:\Windows\System32\TwinUI.dll+f5d4f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000139375Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:05.627{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC7013A21484577C79BF90395DDF7C35,SHA256=BDC7B8A57FB80DECC6650F1F0E5B4E7FF9366936B904EDA7FB574675147209FE,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139374Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:05.327{6EDEAD03-5391-615D-0E01-00000000FC01}48005344C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\ole32.dll+8a12e|C:\Windows\System32\ole32.dll+89a2b|C:\Windows\System32\ole32.dll+88be7|C:\Windows\System32\ole32.dll+8c817|C:\Windows\System32\SHELL32.dll+2c8e7d|C:\Windows\System32\SHELL32.dll+283a3e|C:\Windows\system32\explorerframe.dll+b29b9|C:\Windows\system32\DUI70.dll+48b9d|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+9f5a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+4f50e|C:\Windows\system32\explorerframe.dll+4d2f6|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+1aced|C:\Windows\system32\explorerframe.dll+1ac26|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9 10341000x8000000000000000139373Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:05.327{6EDEAD03-5391-615D-0E01-00000000FC01}48005344C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\ole32.dll+b5f02|C:\Windows\System32\ole32.dll+899f9|C:\Windows\System32\ole32.dll+88be7|C:\Windows\System32\ole32.dll+8c817|C:\Windows\System32\SHELL32.dll+2c8e7d|C:\Windows\System32\SHELL32.dll+283a3e|C:\Windows\system32\explorerframe.dll+b29b9|C:\Windows\system32\DUI70.dll+48b9d|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+9f5a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+4f50e|C:\Windows\system32\explorerframe.dll+4d2f6|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+1aced|C:\Windows\system32\explorerframe.dll+1ac26|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9 10341000x8000000000000000139372Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:05.042{6EDEAD03-5391-615D-0E01-00000000FC01}48005344C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\ole32.dll+8a220|C:\Windows\System32\ole32.dll+8c32e|C:\Windows\System32\ole32.dll+8c7fb|C:\Windows\System32\SHELL32.dll+2c8e7d|C:\Windows\System32\SHELL32.dll+283a3e|C:\Windows\system32\explorerframe.dll+b29b9|C:\Windows\system32\DUI70.dll+48b9d|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+9f5a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+4f50e|C:\Windows\system32\explorerframe.dll+4d2f6|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+1aced|C:\Windows\system32\explorerframe.dll+1ac26|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+5888a 10341000x8000000000000000139371Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:05.042{6EDEAD03-5391-615D-0E01-00000000FC01}48005344C:\Windows\Explorer.EXE{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\system32\dataexchange.dll+a087|C:\Windows\System32\ole32.dll+8c1a5|C:\Windows\System32\ole32.dll+8c7fb|C:\Windows\System32\SHELL32.dll+2c8e7d|C:\Windows\System32\SHELL32.dll+283a3e|C:\Windows\system32\explorerframe.dll+b29b9|C:\Windows\system32\DUI70.dll+48b9d|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+9f5a|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58770|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+4f50e|C:\Windows\system32\explorerframe.dll+4d2f6|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+587c9|C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.4169_none_7de0bbf28341b1f2\comctl32.dll+58547|C:\Windows\system32\explorerframe.dll+1aced 22542200x8000000000000000139391Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:04.276{6EDEAD03-61B3-615D-D602-00000000FC01}1892d2nxq2uap88usk.cloudfront.net02600:9000:225e:3200:a:da5e:7900:93a1;2600:9000:225e:7000:a:da5e:7900:93a1;2600:9000:225e:ac00:a:da5e:7900:93a1;2600:9000:225e:1200:a:da5e:7900:93a1;2600:9000:225e:3600:a:da5e:7900:93a1;2600:9000:225e:800:a:da5e:7900:93a1;2600:9000:225e:9600:a:da5e:7900:93a1;2600:9000:225e:5200:a:da5e:7900:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000139390Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:04.274{6EDEAD03-61B3-615D-D602-00000000FC01}1892d2nxq2uap88usk.cloudfront.net013.225.87.51;13.225.87.67;13.225.87.40;13.225.87.113;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000139389Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:04.274{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56383- 354300x8000000000000000139388Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:04.103{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58855- 354300x8000000000000000139387Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:04.101{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61856- 354300x8000000000000000139386Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:03.453{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64732-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000139385Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:06.642{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7FD198AF7A8558309D7FDE7A8289211E,SHA256=BF9938AD436D0EAE4B3E51C7DB00AA3EC6BCC5765EE7A7CAE069E086D755C924,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120961Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:03.695{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50621-false10.0.1.12-8000- 23542300x8000000000000000120960Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:06.111{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4C0F77D3A53E02CAE12BAE9E0F0C20E,SHA256=DCDDCD882C35692031DBB44D329D6520450B6CB9DADA8C56C343FC3897E123E4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139404Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:07.937{6EDEAD03-503F-615D-0B00-00000000FC01}6241996C:\Windows\system32\lsass.exe{6EDEAD03-6213-615D-EF02-00000000FC01}4504C:\Temp\sdel.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24be7|C:\Windows\system32\lsasrv.dll+25d2d|C:\Windows\system32\lsasrv.dll+24a65|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139403Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:07.937{6EDEAD03-503F-615D-0B00-00000000FC01}6241996C:\Windows\system32\lsass.exe{6EDEAD03-6213-615D-EF02-00000000FC01}4504C:\Temp\sdel.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249ad|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000139402Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.localAlert,Sysinternals Tool UsedSetValue2021-10-06 08:45:07.921{6EDEAD03-6213-615D-EF02-00000000FC01}4504C:\Temp\sdel.exeHKU\S-1-5-21-1984405510-3441252591-1346373189-500\SOFTWARE\Sysinternals\SDelete\EulaAcceptedDWORD (0x00000001) 23542300x8000000000000000139401Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:07.673{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16A59512386CB8E097AA6BDE76566B5B,SHA256=5E02115B7C71BC0B8CF6A57FB2EC465F79A3B7874F08F5C18D3C6A7EB2A0F602,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120962Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:07.142{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AC74820FE8D4A71B99A8D1BE32DBFBD9,SHA256=D2BC001CCB482CC82AAD25D9DCB3070F509F1209C8C20073714EEE2CC9654311,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139400Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:07.474{6EDEAD03-61FB-615D-ED02-00000000FC01}5128368C:\Windows\system32\conhost.exe{6EDEAD03-6213-615D-EF02-00000000FC01}4504C:\Temp\sdel.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139399Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:07.373{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139398Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:07.373{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139397Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:07.373{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139396Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:07.373{6EDEAD03-538E-615D-FD00-00000000FC01}1004524C:\Windows\system32\csrss.exe{6EDEAD03-6213-615D-EF02-00000000FC01}4504C:\Temp\sdel.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139395Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:07.373{6EDEAD03-5041-615D-0C00-00000000FC01}8284944C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139394Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:07.373{6EDEAD03-61FB-615D-EC02-00000000FC01}54922816C:\Windows\system32\cmd.exe{6EDEAD03-6213-615D-EF02-00000000FC01}4504C:\Temp\sdel.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\system32\cmd.exe+f1e1|C:\Windows\system32\cmd.exe+11a37|C:\Windows\system32\cmd.exe+cb0d|C:\Windows\system32\cmd.exe+c295|C:\Windows\system32\cmd.exe+1ace3|C:\Windows\system32\cmd.exe+1510d|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000139393Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:07.375{6EDEAD03-6213-615D-EF02-00000000FC01}4504C:\Temp\sdel.exe2.04Secure file deleteSysinternals SdeleteSysinternals - www.sysinternals.comsdelete.exesdel /accepteula -q C:\Temp\malware.exeC:\Temp\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372HighMD5=803DF907D936E08FBBD06020C411BE93,SHA256=E8EAA39E2ADFD49AB69D7BB8504CCB82A902C8B48FBC256472F36F41775E594C,IMPHASH=BF6D322BC62D8BD901E253F67BC61C4E{6EDEAD03-61FB-615D-EC02-00000000FC01}5492C:\Windows\System32\cmd.exe"cmd.exe" /s /k pushd "C:\Temp" 23542300x8000000000000000139392Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:07.058{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=464A9CDAD0BC2027CF5F36D877401678,SHA256=81A9DB6B6C0FEE7DCD8FC46BA273E083C7F0D86D3C6BEB5B9B12611B2501ABD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139407Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:08.699{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9957B000A3BEC9F9D0D66FEFA200F823,SHA256=C3A22E9326B1A3E714A4075FEB8E9C813228427DB11A595655DBCE2C4A3ACB97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120964Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:08.829{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=AABE3CBFB5EEF2651ACD5723033AEFB0,SHA256=3CEB8BD8E2F7174DB240050F94A1D218AF0EE190EBF47C9DB734AB423A0D030E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120963Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:08.189{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B50D9F5ECD8BC4BF4E2B07930A51497A,SHA256=6A8D388542A7F3E58CAAF9EB1292099C47AFF91480387B22F4D87ADE07663686,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139406Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:08.399{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E4C051F3F0CBB399F57B32DA5A0825DB,SHA256=95A8A365D21EB2AD447096D4D3E7A9E431E2399A2F9DFBCA8E1E1D78D57EB55F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139405Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:07.999{6EDEAD03-6213-615D-EF02-00000000FC01}4504ATTACKRANGE\AdministratorC:\Temp\sdel.exeC:\TZZZZZZZZZZZ.ZZZMD5=26DB552EFA036EA4EDA24EE4B00F4FF4,SHA256=DE3E94F497B16A9A93E3EB06BCA032ED994BB14F3B099646F3856F0AF7C74876,IMPHASH=00000000000000000000000000000000falsefalse - shredded file with pattern 0x00 23542300x8000000000000000139409Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:09.784{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\24457MD5=BC493C1FD3D9B80B96722989551DFDCF,SHA256=6FD5C428EA1CB2C395AE31A844991C4B26E124780499E1F0187D1596B401CA14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139408Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:09.699{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E953A59C8E06F49CDCCD70A55D766E5,SHA256=E561F3A8E8D853DA5C6D21E7AD857733C30CD5B95864EC13AAE4B856DFD2374A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120965Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:09.204{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=672634546CAD7C5EE7B29789E6E58FA3,SHA256=75335D129E8797B5E0D8324888E2656468769BFB5B2F24C9F2AC17D1B89D5C3B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120967Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:08.697{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50622-false10.0.1.12-8000- 23542300x8000000000000000120966Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:10.282{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0499263D66F4FE89E14B5FDF5C684BAF,SHA256=572969C70E809A0E5522A7BAF642DDB6C2006C31A4BF226E25D3A9990D96120E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139410Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:10.717{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8258630962E7854A18D17B2E524E8931,SHA256=9576B8F397804C13D13B0B4AAC66E01963DA4FB6193F4C354280C7B1CB877A53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120968Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:11.343{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CAFA99B9A455818643D87B1E6D70AA3A,SHA256=8BE539CD70F2F9AD419A6649EA150CC35450A78C567ED67DF112287131FB5919,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139412Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:09.346{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64733-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000139411Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:11.736{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BD24CA31E6875DD6388B8960AFC6AAF,SHA256=FDA5270BD5EB5BA631A8E8099F1D3E8F29939BA830901E0B2EF943C1A889CC3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120969Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:12.390{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20CE8969ACBE485B3742252E042994CC,SHA256=21195A185A451444EBEB92F52290D91EAF44031FEF4A8FE2A45F2D112D7381A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139413Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:12.766{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=77FB41B8B26EC9E2D55B812F572DFACF,SHA256=DA67204FDFD6C0E3D31A1159AFBDADB03AA6C4187151687141D101F2E66AB636,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139415Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:13.838{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-073MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139414Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:13.781{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AC4A13DABEDE9D2A38C5EDCE1CD8398,SHA256=50474F7014F19C2BF2447D1D4321AC64CBDF6DEF8B3366B20DF4676D8A9FE9DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120970Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:13.421{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9790004ACB43BA2CB4811746BCCE462B,SHA256=9BBD248E6900F757D58244AE22A0D76004CC66A52AD30F53212F43B67A9D77FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139417Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:14.851{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-074MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139416Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:14.796{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=92C69686B9ACFEE4C7E0EADA9F3879CD,SHA256=1AD8CB6E950944A7A33C208D80DF5C0E5D7D3831EC6095658C239176D5D474E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120971Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:14.484{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C41482E4FDA4A8E50463C3A87C45DAE,SHA256=CB58FDA8F7286A08928207411A068DE26F647EBC685452F71E7F2CEA86C3B56A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000120973Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:13.727{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50623-false10.0.1.12-8000- 23542300x8000000000000000120972Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:15.546{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26176CC534C785972F52931E85526BAF,SHA256=06479B7F2DB5909E5E7726239BF8D851F62C1B1963871EDC672CFF04D2920D12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139424Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:15.935{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=B1CAED85C44DCDF8EC7709ECC0ACED4D,SHA256=D923EFD0807EDF73201F03AD7DC317BC7A25E7A429C68E6C79D7C383920FA249,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139423Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:15.935{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=4C661F40DB7EF8175B9CDB4330C5D25E,SHA256=C3DB8346A9A673B9B80996F85FED2D940977BAA77320C3B8A05E8D88046A120A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139422Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:15.935{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=27735F6A9FF70142554B5C392E46D497,SHA256=A3BCBC170ECBE9E990046C163FE61CF2D3C9E72118B5CB51E16A43A7A8F92559,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139421Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:15.935{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=D8CD466C36B1D5DCF2CC09654D833ABA,SHA256=7C685D6F8B5E6B1F11AC3D60281A697450761361E61A2B33FC86DEB841F92ECB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139420Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:15.935{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=9C8762BE21BDD987AE6DA10F7C4C412A,SHA256=76EF7FBCE15F1B4A3F20539750CA44CD4D7F3CBD47BEF95FE765032D25290872,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139419Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:15.935{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=37B56698784C8751654FA13F57BEA8F0,SHA256=05B382EEF7AF60E3FB6B346BE4D89D07C280195E294BC4409666703F1E4C8EFD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139418Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:15.816{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8215C000F4551D76D0E6EF9C8D09C3FA,SHA256=CD0F4D74C85B619D683225F394CB09DDF0A7EDAE5F9666EF06A97EB7C313CC64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120974Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:16.640{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED5B6AEA3369C22F956E1F9BEDD9BA48,SHA256=4177B26591948C8FE9DB7FC6A308FBB924F5531364389CA3FEACD16BEB01C987,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139429Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:16.954{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139428Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:16.954{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139427Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:16.954{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139426Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:16.954{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139425Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:16.821{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE7A988B89AC12C3C2EB0CE648E414C8,SHA256=4317933A3F2148F9BBFCA9A37B5E2642D21B64D63AC897134423C217E30B4266,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000120975Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:17.827{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F50DE5CAF7E65450C0C8A7812271BA5A,SHA256=ADE26035D3831255EE77393ADDE46ACC629923EF25B415EF9E127205C8CEF331,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139430Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:17.838{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F7D0BCF879A5BAD08401986632E3448,SHA256=0367515F19F48E30221C68FE3DA6C329457827D18FF486927E309598CBAA9BC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139432Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:18.853{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0144D09CDB6D85176A1C73F607B4F830,SHA256=52DA2CCDA0FED4ED4BA5EE10C2D25FBA4F2F7E021D981C77039CD69C26BA284A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139431Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:14.507{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64734-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000139434Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:19.868{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FB8934B6F95F3F2FB395276CB265EDD,SHA256=B90BE155FC18F585368A95A2FD8E492F259FA7CE3A23AF849129F146D72BB966,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000120989Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:19.983{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-621F-615D-AA02-00000000FD01}2588C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120988Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:19.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120987Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:19.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120986Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:19.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120985Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:19.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120984Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:19.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120983Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:19.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120982Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:19.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120981Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:19.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120980Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:19.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120979Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:19.983{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-621F-615D-AA02-00000000FD01}2588C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120978Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:19.983{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-621F-615D-AA02-00000000FD01}2588C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120977Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:19.984{49C67628-621F-615D-AA02-00000000FD01}2588C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000120976Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:18.999{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8300669787D89C8F0FEB8B52DFD2C01D,SHA256=26F9756C708E849867A964A132D900D418F5408AB6E9C6C178E98777691D2928,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139433Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:19.037{6EDEAD03-504E-615D-3000-00000000FC01}2448NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139435Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:20.883{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B9BA6D9677CB8806B9DF24349C31CF6,SHA256=5840CDC8EA60CB11140C64DA09B3A9ECE9352B26D2AC11CCE7A8B460B135C304,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000121004Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:20.655{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6220-615D-AB02-00000000FD01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121003Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:20.655{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121002Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:20.655{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121001Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:20.655{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121000Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:20.655{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120999Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:20.655{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120998Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:20.655{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120997Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:20.655{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120996Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:20.655{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120995Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:20.655{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000120994Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:20.655{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6220-615D-AB02-00000000FD01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000120993Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:20.655{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6220-615D-AB02-00000000FD01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000120992Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:20.656{49C67628-6220-615D-AB02-00000000FD01}3220C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000120991Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:20.155{49C67628-621F-615D-AA02-00000000FD01}25882308C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000120990Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:20.015{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B0C24DCC14FFFD8C75CAC55540CED694,SHA256=A74FF12A44F4CB69662C9911D755871FF222A6659D84F66CA24B2D5D07B0B2F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139437Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:21.883{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D2B27C3F154A26C4D2CE5A473DA16E6,SHA256=346D9EEE8BAFC0C6526D638995D9D3F99DB77AAEE0E9D104AFBD2C960BBA2A03,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121007Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:21.202{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=93C3AFEB805175840D2EE85312D8BBB9,SHA256=69B4527986BDA5BE59005797118D438F9E976A62393EA2E96EA893DF8E0ACB67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121006Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:21.202{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1661D6DC99C1A5352A04B4449D42A9A5,SHA256=3AFDA41B62504CCE94F3AC1821BB50024C651CE0B2653E677D8A8B81C7128B68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121005Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:21.061{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1082F128E72C6DCB5ED1DDCD774D0B36,SHA256=C6403A9E1666192EC8A6B9B4C81E15553D901D80FA4A4BF0E17D9D3B7830F169,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139436Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:18.343{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64735-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000139438Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:22.899{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8F8A21A4EACE7E8A45D161A14481B8C,SHA256=CD8E25E7168307D846A92C73002361E6FC3C0C675DECA544B460F07456C19AAE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000121022Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:19.727{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50624-false10.0.1.12-8000- 10341000x8000000000000000121021Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:22.327{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6222-615D-AC02-00000000FD01}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121020Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:22.327{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121019Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:22.327{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121018Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:22.327{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121017Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:22.327{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121016Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:22.327{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121015Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:22.327{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121014Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:22.327{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121013Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:22.327{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121012Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:22.327{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121011Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:22.327{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6222-615D-AC02-00000000FD01}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000121010Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:22.327{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6222-615D-AC02-00000000FD01}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000121009Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:22.328{49C67628-6222-615D-AC02-00000000FD01}4084C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000121008Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:22.233{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C03B885C16B7278BDD4CC24290B8D47A,SHA256=BD2B1B18ED0B6D952CC5830300BA0912AD015975B20C4567FB05FF2B96E3AC50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139440Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:23.900{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=151937A963789E9982F8935715265F42,SHA256=F1CC13567FA0204808697A0ABB20E102497F52CD5619CA34027022B285F7B043,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000121038Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:23.593{49C67628-6223-615D-AD02-00000000FD01}9282560C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121037Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:23.436{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6223-615D-AD02-00000000FD01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121036Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:23.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121035Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:23.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121034Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:23.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121033Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:23.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121032Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:23.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121031Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:23.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121030Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:23.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121029Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:23.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121028Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:23.436{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121027Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:23.436{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6223-615D-AD02-00000000FD01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000121026Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:23.436{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6223-615D-AD02-00000000FD01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000121025Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:23.437{49C67628-6223-615D-AD02-00000000FD01}928C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000121024Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:23.358{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=93C3AFEB805175840D2EE85312D8BBB9,SHA256=69B4527986BDA5BE59005797118D438F9E976A62393EA2E96EA893DF8E0ACB67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121023Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:23.280{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DC10B97038025F944C699176AFB85D9,SHA256=89126B2B438F1B6551661E7BF4F3708ACA9393DBE3A50135AA76FF50B7BAD127,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139439Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:19.541{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64736-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000139441Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:24.917{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8985BA27B920F6A1DBF99AA3AD232666,SHA256=2F304913DA4BCFA5B0687FDF646518B0CAE995E6E94A5ED6BB82F659C5D79A30,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000121067Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.983{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6224-615D-AF02-00000000FD01}832C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121066Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121065Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121064Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121063Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121062Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121061Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121060Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121059Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121058Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.983{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121057Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.983{49C67628-5042-615D-0500-00000000FD01}408424C:\Windows\system32\csrss.exe{49C67628-6224-615D-AF02-00000000FD01}832C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000121056Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.983{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6224-615D-AF02-00000000FD01}832C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000121055Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.984{49C67628-6224-615D-AF02-00000000FD01}832C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000121054Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.530{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6463657645FD6DAFCE6E9AD68178E1DD,SHA256=B9BAE5B80AAFE4580C40684C8849C5D408D3536A9AFC3230FC990E497D4DD339,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000121053Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.468{49C67628-6224-615D-AE02-00000000FD01}1120372C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121052Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.311{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6224-615D-AE02-00000000FD01}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121051Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.311{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121050Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.311{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121049Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.311{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121048Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.311{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121047Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.311{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121046Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.311{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121045Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.311{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121044Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.311{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121043Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.311{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121042Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.311{49C67628-5042-615D-0500-00000000FD01}408956C:\Windows\system32\csrss.exe{49C67628-6224-615D-AE02-00000000FD01}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000121041Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.311{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6224-615D-AE02-00000000FD01}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000121040Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.312{49C67628-6224-615D-AE02-00000000FD01}1120C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000121039Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:24.296{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51ECBFA05C2390974244798877BC55E6,SHA256=54EBB7637344F4C24C68D5710A73CAA49D341059F403981FC27DA307CA88D326,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121069Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:25.717{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20712B5040303DADD75F976F6BC242A6,SHA256=DB3A81535BB047B8C199B0FB9AE32D9CEAF0AF640A0CA3809D49762021D141CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139442Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:25.936{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=944AB13D2A3DC2BA91FD9F395AE66F63,SHA256=5E763D081FE616439B4BFE31C3B5D4A5685A915EF2B4787C6E22C7DD2E0CFA2A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000121068Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:25.124{49C67628-6224-615D-AF02-00000000FD01}8323840C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000139443Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:26.967{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=272679FD6A7DC6D3107354D7619A1155,SHA256=58D94D5D4FDE14705FCDD921C4E58A09D5A55A2EA393034C632A4DE7593F8CE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121071Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:26.733{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA2BC4BCE5A62C8E10667B79D356716E,SHA256=81E1BA15A90F2203DF8874B0CC11CBF05793BA5D75FAD0EE56A6F6A524D02DB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121070Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:26.061{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C0A7B95AEFB2594556C588292CBAD25B,SHA256=0746B6821722E37AD0479382E376DD809736AC07EE0B610323CBB8A9C91D0E0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139444Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:27.967{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5CA1E3FD8A6C534854EDA6306C9BDCA7,SHA256=26F5F4896AA744CE8F16571C5575719B17ACE4666247D6EEF310DCD0AE1F8CF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121085Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:27.733{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EDF5C0677AACCBD0843AE3F3B9422395,SHA256=931BD5EFE900D0F333CAB8E007E465470143CD5B1872AF0CBADF1320FA536330,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000121084Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:27.030{49C67628-5045-615D-2B00-00000000FD01}28162836C:\Windows\system32\conhost.exe{49C67628-6227-615D-B002-00000000FD01}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121083Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:27.030{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121082Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:27.030{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121081Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:27.030{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121080Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:27.030{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121079Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:27.030{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8fc1|c:\windows\system32\lsm.dll+8eb0|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121078Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:27.030{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8e6f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121077Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:27.030{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121076Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:27.030{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121075Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:27.030{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5044-615D-1F00-00000000FD01}2036C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121074Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:27.030{49C67628-5042-615D-0500-00000000FD01}408528C:\Windows\system32\csrss.exe{49C67628-6227-615D-B002-00000000FD01}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000121073Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:27.030{49C67628-5044-615D-2200-00000000FD01}15803552C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{49C67628-6227-615D-B002-00000000FD01}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000121072Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:27.031{49C67628-6227-615D-B002-00000000FD01}3476C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{49C67628-5043-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000139446Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:28.982{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D77B9921469CB76AFDCFBF58DA25CB82,SHA256=CD683DBA3C4B3BED3FB59C83CDD610BE91E2D012A3BCA396E6697808DB07CD55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121088Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:28.749{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16AC2386DB1E5D8248321E138C8B60F3,SHA256=4BDE944579627EE6AA199E8840F568DCAE5A2BA1AA95FCC0D3656CA7766B4653,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139445Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:25.441{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64737-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000121087Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:28.062{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6F90C557FD9F0E07F1A7EB896ABF7D80,SHA256=90E0745FB333BC1C52ABCDF3786E41F72A683A845363A3088732F6B55B2D3ADB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000121086Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:25.586{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50625-false10.0.1.12-8000- 23542300x8000000000000000139447Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:29.996{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47F604F0940530E49E9E50708EF0D12D,SHA256=0F547EE4D72BF6B18CC72DFCFDAF01B47331297B51D90DA1F17EF2A524DD7660,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121089Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:29.781{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D16C64F6BAAA7C4FF0EA9FE9DC5F039,SHA256=09C815C163F9A132C3F624C8D34B4A6F55EE3F9604705D3E131FC02C42472990,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121090Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:30.796{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB1473DA97E900AC16F00614EA398E3F,SHA256=C52000D17AFB6ADB5FB725B26D8D511FD2FBB21979E6ED2BD1ACD6381E8D13EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121091Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:31.797{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17AE2A899ED24FB6E9029DED93ABDE5B,SHA256=A8C99D410C3F1AAA5DB195034D9F878A87D62758C6DFC6A38643F43DCA883912,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139492Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.278{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local58105- 23542300x8000000000000000139491Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.950{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139490Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.950{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139489Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.946{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=919CBEFF25815482A6CE5B70BF56FF66,SHA256=C0C6F6D62BB55091F2B3CF2E8A835B7572BA9339A59E0343D04FFD52BC5DD2DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139488Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.944{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=395C6B4F926120685F65285A4F6583EA,SHA256=FA659120009AA6A27B6BB444CFBB1F4858C6D5966E6FB56CEB857EADAAECE9DD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139487Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.892{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-622B-615D-F102-00000000FC01}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139486Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.890{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139485Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.890{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139484Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139483Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.889{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139482Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.889{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-622B-615D-F102-00000000FC01}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139481Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.889{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-622B-615D-F102-00000000FC01}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000139480Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.889{6EDEAD03-622B-615D-F102-00000000FC01}3352C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000139479Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.863{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139478Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.860{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139477Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.844{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=B067FA157D2D599EB5C9C62F49CBD518,SHA256=FCFA3E1185926F31B09151BEF6F5956A1E765A190F1260A08E863261DCBE925E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139476Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.835{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=027707B6CE15065AC5E48C774571DAE2,SHA256=45025EE2D44D38DF1387766F924DCAA8CBA4101A1D82126ED886C2393A1AB7E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139475Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.755{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139474Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.751{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139473Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.745{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=3324694526F96059F4B92E6338203F8C,SHA256=814E04426F88A3951D9B499668C7EF1FCD13F1B8C20ABC6AADA78A1B8F800F85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139472Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.743{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=031B4376781DE1FCA8B0032245B80D69,SHA256=D75F1FAD9B68AF52D971D15D5ADDD8E46C1C0EB75576B5CDC78563A78334876F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139471Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.643{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139470Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.636{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139469Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.628{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=4144D62D8A0B2398DB15288CD4F2B6DD,SHA256=54CD1FA4658FC220CD676FA2918162354BB0D48B2D76BE4B259CDDBC635CB769,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139468Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.626{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=A287DA09D68DC24FF06E630AA567BB38,SHA256=026E2F9163A3F1E3B074524A6D844FEF9F24CC11C48E6C95B688688A5E9B873D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139467Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.589{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\tmpaddon-86195fMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139466Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.580{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139465Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.566{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139464Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.548{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=3E8E865CD225D8F261D063C38B41F5E6,SHA256=CB406BD05C9DE85781A87CDA77DCB7D9612A725A47785E81281D786F70D05FC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139463Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.539{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=C16646F5DF23989150A1819BA75D6E46,SHA256=F3BAA09C3753E482DE9E29A17F73BD6D28B323E0F2DFFC3B66993AD963811689,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139462Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.427{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139461Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.321{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Local\Temp\2\tmpaddonMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139460Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.181{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139459Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.166{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139458Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.149{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=F2537B3E64460DCDC3511F6584599B88,SHA256=2FE354144F10E91B8C4A4E266BE3BF38A18DFCD431CB0471A6F19D579B4553BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139457Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.149{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=5BDA7E81B0061FCEF97F42A5CBB58387,SHA256=095E366D489619F0620190FB0F396A426A45DC2C9DFBE5FC651AF452590A189B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139456Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.049{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-622B-615D-F002-00000000FC01}5408C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139455Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.049{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139454Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.049{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139453Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.049{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139452Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.049{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139451Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.049{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-622B-615D-F002-00000000FC01}5408C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139450Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.049{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-622B-615D-F002-00000000FC01}5408C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000139449Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.050{6EDEAD03-622B-615D-F002-00000000FC01}5408C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000139448Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.018{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80D065A9BBAD7DD053D688FCE7133251,SHA256=96ED392034079066E85C985AB73A6E0B8EE7D57AFB750762986603E58F33EF3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121092Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:32.797{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A83CC9108A2E1C9AEB418A32547C922,SHA256=B23390B2E422F0A45942B0F53F18B3880AC9C8BC12F5BF69F05436A1FF47CA66,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000139536Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.626{6EDEAD03-61B3-615D-D602-00000000FC01}1892a19.dscg10.akamai.net02a02:26f0:1700:f::1737:a1d3;2a02:26f0:1700:f::1737:a1b9;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000139535Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.623{6EDEAD03-61B3-615D-D602-00000000FC01}1892a19.dscg10.akamai.net02.16.218.184;2.16.218.169;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000139534Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.621{6EDEAD03-61B3-615D-D602-00000000FC01}1892ciscobinary.openh264.org0type: 5 a21ed24aedde648804e7-228765c84088fef4ff5e70f2710398e9.r17.cf1.rackcdn.com;type: 5 a17.rackcdn.com;type: 5 a17.rackcdn.com.mdc.edgesuite.net;type: 5 a19.dscg10.akamai.net;::ffff:2.16.218.169;::ffff:2.16.218.184;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000139533Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.538{6EDEAD03-61B3-615D-D602-00000000FC01}1892d2nxq2uap88usk.cloudfront.net02600:9000:21f3:3e00:a:da5e:7900:93a1;2600:9000:21f3:b800:a:da5e:7900:93a1;2600:9000:21f3:c200:a:da5e:7900:93a1;2600:9000:21f3:6800:a:da5e:7900:93a1;2600:9000:21f3:f000:a:da5e:7900:93a1;2600:9000:21f3:4200:a:da5e:7900:93a1;2600:9000:21f3:5000:a:da5e:7900:93a1;2600:9000:21f3:c400:a:da5e:7900:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000139532Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.536{6EDEAD03-61B3-615D-D602-00000000FC01}1892d2nxq2uap88usk.cloudfront.net013.32.29.22;13.32.29.2;13.32.29.31;13.32.29.35;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000139531Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.314{6EDEAD03-61B3-615D-D602-00000000FC01}1892prod.balrog.prod.cloudops.mozgcp.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000139530Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.313{6EDEAD03-61B3-615D-D602-00000000FC01}1892prod.balrog.prod.cloudops.mozgcp.net035.244.181.201;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000139529Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.929{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=3BF9F4CED06DD81BD7AD1EAA1FF8A9CD,SHA256=99187ECE5D7551636BA9522ABA30EFB4A0B82FCD4DDFC57A08797FDAD4A6D54E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139528Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.537{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A2BD4BCF2CB3466D705E8E9153AE18C7,SHA256=DC57085A5795A1CAF086652C7DA7ED316490F300BD40DC2B6AB4D06CFF033677,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139527Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.537{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3B219C2D6CAD94377CD23F695D9BCD7E,SHA256=3B541033ED49C11D6C9140170C312B2302FFABD39957A9ACD174DBFD9F6BE6C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139526Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.537{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BA3C92A6603908D91978659DD31A0C0E,SHA256=4D0A1229FD748D8C40A741F812DD9710EDCB4A49CA0CABE9261CB4F89C459DE3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139525Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.623{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64741-false2.16.218.169a2-16-218-169.deploy.static.akamaitechnologies.com80http 354300x8000000000000000139524Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.622{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local59152- 354300x8000000000000000139523Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.536{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64399- 354300x8000000000000000139522Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.534{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57837- 354300x8000000000000000139521Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.522{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-60285- 354300x8000000000000000139520Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.480{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60285- 354300x8000000000000000139519Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.461{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64740-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000139518Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.414{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64739-false143.204.209.42server-143-204-209-42.fra53.r.cloudfront.net443https 354300x8000000000000000139517Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.314{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64738-false35.244.181.201201.181.244.35.bc.googleusercontent.com443https 354300x8000000000000000139516Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.313{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63061- 354300x8000000000000000139515Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.307{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-58105- 23542300x8000000000000000139514Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.471{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 18141800x8000000000000000139513Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:45:32.446{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.11.139775144C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000139512Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.444{6EDEAD03-61B3-615D-D602-00000000FC01}18926100C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-622C-615D-F202-00000000FC01}5364C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+13527b|C:\Program Files\Mozilla Firefox\xul.dll+12239ed|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000139511Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-ConnectPipe2021-10-06 08:45:32.444{6EDEAD03-61B3-615D-D602-00000000FC01}1892\gecko-crash-server-pipe.1892C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000139510Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.360{6EDEAD03-61B3-615D-D602-00000000FC01}18921972C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-622C-615D-F202-00000000FC01}5364C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+a0942f|C:\Program Files\Mozilla Firefox\xul.dll+878864|C:\Program Files\Mozilla Firefox\xul.dll+166d71b|C:\Program Files\Mozilla Firefox\xul.dll+19cd045|C:\Program Files\Mozilla Firefox\xul.dll+13c95|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+13378|C:\Program Files\Mozilla Firefox\xul.dll+9f2211|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139509Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.344{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139508Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.344{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139507Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.344{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139506Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.344{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139505Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.344{6EDEAD03-538E-615D-FD00-00000000FC01}1004524C:\Windows\system32\csrss.exe{6EDEAD03-622C-615D-F202-00000000FC01}5364C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139504Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.344{6EDEAD03-61B3-615D-D602-00000000FC01}18925908C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-622C-615D-F202-00000000FC01}5364C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+2f07d|C:\Program Files\Mozilla Firefox\firefox.exe+2e285|C:\Program Files\Mozilla Firefox\xul.dll+1fd1d9a|C:\Program Files\Mozilla Firefox\xul.dll+a04e9a|C:\Program Files\Mozilla Firefox\xul.dll+a03065|C:\Program Files\Mozilla Firefox\xul.dll+a0a25e|C:\Program Files\Mozilla Firefox\xul.dll+8b1df0|C:\Program Files\Mozilla Firefox\xul.dll+167b2d9|C:\Program Files\Mozilla Firefox\xul.dll+2680a|C:\Program Files\Mozilla Firefox\xul.dll+9f4b1f|C:\Program Files\Mozilla Firefox\xul.dll+2660e|C:\Program Files\Mozilla Firefox\xul.dll+8b45d7|C:\Program Files\Mozilla Firefox\nss3.dll+7647d|C:\Program Files\Mozilla Firefox\nss3.dll+8e401|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000139503Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.344{6EDEAD03-622C-615D-F202-00000000FC01}5364C:\Program Files\Mozilla Firefox\firefox.exe92.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1892.11.1397751442\1099377948" -parentBuildID 20210922161155 -prefsHandle 4548 -prefMapHandle 3604 -prefsLen 14849 -prefMapSize 235910 -appdir "C:\Program Files\Mozilla Firefox\browser" - 1892 "\\.\pipe\gecko-crash-server-pipe.1892" 7900 1dae6a6a538 socketC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{6EDEAD03-5390-615D-37C9-0C0000000000}0xcc9372LowMD5=DBDB3EFACC3D9039A4F5703662099178,SHA256=534A44A08893AFBE78E04B4CFF80BD00BFC40562A923E8AF38E240227A643FFB,IMPHASH=AECE7B7E776840D7A7255A31B309B7E4{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000139502Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-CreatePipe2021-10-06 08:45:32.340{6EDEAD03-61B3-615D-D602-00000000FC01}1892\chrome.1892.11.139775144C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000139501Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.279{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139500Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.274{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139499Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.266{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=9E1EF1526F1F0E6B79F3E271709525A8,SHA256=0323F8205CF689D1CAF23527E9588D0A8F336145E12B4C6C79F39EF8555FF21D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139498Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.260{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B19E364327958B9CBB7DE1CB528EC81B,SHA256=360E650646FCFC6958DA5A82E30A77ADEA27FC67B756BD1AE32576BA5A4DACE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139497Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.181{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139496Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.177{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139495Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.170{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=412A0F1404677F19D11E47EEC6D3BCD6,SHA256=F665AA7EC5B5232BBAD4CB368C07DC2067B4C6700B85C7EE00939002C89FB3E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139494Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.162{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=573D031240A45AA8EA29ED08C435B5E1,SHA256=3DF23AA7D20A71519AF6FBEB3C4B6D45A7634EE617880B437C600B598D0E6938,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139493Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.066{6EDEAD03-622B-615D-F102-00000000FC01}33524964C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000121093Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:33.798{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B94B27A91D55BB17CC045B0BD0385341,SHA256=6B467786511107D2DBAB8D39FF868A084CC620639A8A50D503C9458CB0DE585C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139559Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.971{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=FEACFAC7B4D56E6CE1F688D7682D5EC2,SHA256=23CBBCB0A49142102A705D8F814BB32061677510D653CD4E0C6984A8308199E4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139558Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.718{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\security_state\data.safe.binMD5=554B994142B00E82580C77F0A5F177C1,SHA256=94B4B128F8E30BDB92C86E80557F387F06D6EB733B3CD951EC288E5111A641E9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139557Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.871{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local60087-false74.125.111.135fra16s57-in-f7.1e100.net443https 354300x8000000000000000139556Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.829{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local60086- 354300x8000000000000000139555Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.829{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64743-false74.125.111.135fra16s57-in-f7.1e100.net443https 354300x8000000000000000139554Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.829{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54804- 354300x8000000000000000139553Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.827{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratorudptruefalse10.0.1.14win-dc-676.attackrange.local54105-false142.250.185.238fra16s53-in-f14.1e100.net443https 354300x8000000000000000139552Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.826{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54147- 354300x8000000000000000139551Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.794{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64742-false142.250.185.238fra16s53-in-f14.1e100.net443https 354300x8000000000000000139550Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:30.790{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local62179- 23542300x8000000000000000139549Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.379{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A2BD4BCF2CB3466D705E8E9153AE18C7,SHA256=DC57085A5795A1CAF086652C7DA7ED316490F300BD40DC2B6AB4D06CFF033677,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139548Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.177{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8E4881F7734B6EEA2FFC6EF56FC286BC,SHA256=75887E17F46946B048C907644181B73009B9D57957FBB500B9C1479BF181E4B4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139547Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.144{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-622D-615D-F302-00000000FC01}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139546Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.144{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139545Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.144{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139544Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.144{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139543Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.144{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139542Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.144{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-622D-615D-F302-00000000FC01}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139541Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.144{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-622D-615D-F302-00000000FC01}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000139540Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.145{6EDEAD03-622D-615D-F302-00000000FC01}840C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000139539Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.097{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139538Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.081{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139537Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.013{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=3ACA3352778D07C0818915B9C815E6FB,SHA256=8AD62B1E30CE76EAEF5FF455BDDC826601C829BDF933E24E8660126CDF988F4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121095Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:34.798{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0752D25EA4C1278A13CDD8685E3D39BE,SHA256=07C342DD13AC62480442A16CCA8800286DE49BBA7F13469EEACFBF1992BFAB98,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139593Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.998{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+c0dc1b|C:\Program Files\Mozilla Firefox\xul.dll+c069d2|C:\Program Files\Mozilla Firefox\xul.dll+c0c010|C:\Program Files\Mozilla Firefox\xul.dll+c0c76b|C:\Program Files\Mozilla Firefox\xul.dll+39ae11|C:\Program Files\Mozilla Firefox\xul.dll+c0d539|C:\Program Files\Mozilla Firefox\xul.dll+c104f2|C:\Program Files\Mozilla Firefox\xul.dll+c0cf56|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+bedfc3|C:\Program Files\Mozilla Firefox\xul.dll+bed195|C:\Program Files\Mozilla Firefox\xul.dll+bf373b 10341000x8000000000000000139592Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.997{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+c0dc1b|C:\Program Files\Mozilla Firefox\xul.dll+c069d2|C:\Program Files\Mozilla Firefox\xul.dll+c0c010|C:\Program Files\Mozilla Firefox\xul.dll+c0c76b|C:\Program Files\Mozilla Firefox\xul.dll+39ae11|C:\Program Files\Mozilla Firefox\xul.dll+c0d539|C:\Program Files\Mozilla Firefox\xul.dll+c104f2|C:\Program Files\Mozilla Firefox\xul.dll+c0cf56|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+bedfc3|C:\Program Files\Mozilla Firefox\xul.dll+bed195|C:\Program Files\Mozilla Firefox\xul.dll+bf373b 10341000x8000000000000000139591Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.997{6EDEAD03-61B3-615D-D602-00000000FC01}18921640C:\Program Files\Mozilla Firefox\firefox.exe{6EDEAD03-61B5-615D-D902-00000000FC01}1040C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+1b78e1|C:\Program Files\Mozilla Firefox\xul.dll+9f23c4|C:\Program Files\Mozilla Firefox\xul.dll+b873b1|C:\Program Files\Mozilla Firefox\xul.dll+b635c3|C:\Program Files\Mozilla Firefox\xul.dll+b63777|C:\Program Files\Mozilla Firefox\xul.dll+b872cf|C:\Program Files\Mozilla Firefox\xul.dll+bf8745|C:\Program Files\Mozilla Firefox\xul.dll+3a7e21|C:\Program Files\Mozilla Firefox\xul.dll+3a79a4|C:\Program Files\Mozilla Firefox\xul.dll+3a7848|C:\Program Files\Mozilla Firefox\xul.dll+c0dc1b|C:\Program Files\Mozilla Firefox\xul.dll+c069d2|C:\Program Files\Mozilla Firefox\xul.dll+c0c010|C:\Program Files\Mozilla Firefox\xul.dll+c0c76b|C:\Program Files\Mozilla Firefox\xul.dll+39ae11|C:\Program Files\Mozilla Firefox\xul.dll+c0d539|C:\Program Files\Mozilla Firefox\xul.dll+c104f2|C:\Program Files\Mozilla Firefox\xul.dll+c0cf56|C:\Program Files\Mozilla Firefox\xul.dll+39a61b|C:\Program Files\Mozilla Firefox\xul.dll+bedfc3|C:\Program Files\Mozilla Firefox\xul.dll+bed195|C:\Program Files\Mozilla Firefox\xul.dll+bf373b 10341000x8000000000000000139590Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.895{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-622E-615D-F502-00000000FC01}6068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139589Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.892{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139588Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.892{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139587Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.892{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139586Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.891{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139585Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.891{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-622E-615D-F502-00000000FC01}6068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139584Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.891{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-622E-615D-F502-00000000FC01}6068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000139583Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.891{6EDEAD03-622E-615D-F502-00000000FC01}6068C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000139582Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.739{6EDEAD03-622E-615D-F402-00000000FC01}58085944C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000139581Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.839{6EDEAD03-503F-615D-0B00-00000000FC01}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64746-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000139580Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.839{6EDEAD03-504E-615D-2700-00000000FC01}2916C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local64746-true0:0:0:0:0:0:0:1win-dc-676.attackrange.local389ldap 354300x8000000000000000139579Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.655{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local54592- 354300x8000000000000000139578Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.655{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local57002- 354300x8000000000000000139577Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.545{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64745-false13.32.29.35server-13-32-29-35.fra56.r.cloudfront.net443https 354300x8000000000000000139576Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:32.428{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64744-false143.204.209.42server-143-204-209-42.fra53.r.cloudfront.net443https 354300x8000000000000000139575Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:31.653{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local56242- 23542300x8000000000000000139574Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.526{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3E2496C0913AE7C5112BA007FBA42136,SHA256=250C7D963A05A32466FE68330829C6EE2C9830ED57EC85A9A56DA6E4A477CB6C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139573Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.376{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-622E-615D-F402-00000000FC01}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139572Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.371{6EDEAD03-503F-615D-0500-00000000FC01}408404C:\Windows\system32\csrss.exe{6EDEAD03-622E-615D-F402-00000000FC01}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139571Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.372{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139570Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.372{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139569Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.372{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139568Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.372{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139567Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.371{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-622E-615D-F402-00000000FC01}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000139566Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.371{6EDEAD03-622E-615D-F402-00000000FC01}5808C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000139565Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.233{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139564Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.086{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5792B98B07E69DBD2127A7D98731799F,SHA256=0B609CA676648944750FBBE10E2C398748E353532F3E9D3BCFEC038C3D007BDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139563Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.086{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\security_state\data.safe.binMD5=A6BCFEFF47A877609E81B2E8B8E9A3AB,SHA256=CB0FF0B0D79445D42EE8CD639EC08CD2ABFB4EB2F78D44BD1D2287450C0E4C22,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000121094Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:31.571{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50626-false10.0.1.12-8000- 23542300x8000000000000000139562Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.033{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139561Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.033{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139560Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:34.002{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=81D91EF1053D8847CE9DE3B21D572619,SHA256=B8939AE8A7709B52AE40F0CC4EDDE97C5B24CF8971FADBFD0C4B1248D8CAF0F5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121096Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:35.799{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FDA75671D372AF3A3BC9183268831D15,SHA256=4ABC1496EFEAA0781E708B711ED72308D306E68BEF020EA5BDF0550E85412275,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139622Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:35.894{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=64FB18E5B4F69968E09F85B2AB1274A2,SHA256=2D1C73ACF75D86FEE866A92507B3DE65CD115447A1115FF0BF00D06CCC4A1914,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139621Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:35.740{6EDEAD03-622F-615D-F602-00000000FC01}28681740C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139620Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:35.575{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-622F-615D-F602-00000000FC01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139619Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:35.573{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139618Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:35.573{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139617Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:35.573{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139616Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:35.572{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139615Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:35.572{6EDEAD03-503F-615D-0500-00000000FC01}408524C:\Windows\system32\csrss.exe{6EDEAD03-622F-615D-F602-00000000FC01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139614Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:35.572{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-622F-615D-F602-00000000FC01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000139613Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:35.571{6EDEAD03-622F-615D-F602-00000000FC01}2868C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000139612Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.680{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64758-false13.32.121.5server-13-32-121-5.fra60.r.cloudfront.net443https 354300x8000000000000000139611Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.679{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64757-false13.32.121.5server-13-32-121-5.fra60.r.cloudfront.net443https 354300x8000000000000000139610Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.679{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64756-false13.32.121.5server-13-32-121-5.fra60.r.cloudfront.net443https 354300x8000000000000000139609Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.668{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64755-false13.32.121.5server-13-32-121-5.fra60.r.cloudfront.net443https 354300x8000000000000000139608Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.668{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64754-false13.32.121.5server-13-32-121-5.fra60.r.cloudfront.net443https 354300x8000000000000000139607Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.663{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64753-false13.32.121.5server-13-32-121-5.fra60.r.cloudfront.net443https 354300x8000000000000000139606Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.660{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local63564- 354300x8000000000000000139605Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.654{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local61041- 354300x8000000000000000139604Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.645{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-676.attackrange.local62660- 354300x8000000000000000139603Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.644{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64752-false143.204.209.42server-143-204-209-42.fra53.r.cloudfront.net443https 354300x8000000000000000139602Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.644{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64750-false143.204.209.42server-143-204-209-42.fra53.r.cloudfront.net443https 354300x8000000000000000139601Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.644{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64751-false143.204.209.42server-143-204-209-42.fra53.r.cloudfront.net443https 354300x8000000000000000139600Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.643{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64749-false143.204.209.42server-143-204-209-42.fra53.r.cloudfront.net443https 354300x8000000000000000139599Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.643{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64748-false143.204.209.42server-143-204-209-42.fra53.r.cloudfront.net443https 354300x8000000000000000139598Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:33.368{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-676.attackrange.local64747-false143.204.209.42server-143-204-209-42.fra53.r.cloudfront.net443https 23542300x8000000000000000139597Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:35.279{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DA22CDA58B292EEF343071866BCACC3A,SHA256=BBF41F6FE0CC5E69CE9808F7607A128056A230734FB4F4B0D9DF90FAB3BDD852,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139596Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:35.050{6EDEAD03-622E-615D-F502-00000000FC01}60682304C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139595Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:35.009{6EDEAD03-5391-615D-0E01-00000000FC01}48004908C:\Windows\Explorer.EXE{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+6497|C:\Windows\System32\SHCORE.dll+6387|C:\Windows\System32\SHCORE.dll+62fd|C:\Windows\System32\SHCORE.dll+620a|C:\Windows\System32\SHELL32.dll+55a10|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802E005F8A8)|UNKNOWN(FFFFC265F6CA5B48)|UNKNOWN(FFFFC265F6CA5CC7)|UNKNOWN(FFFFC265F6CA0351)|UNKNOWN(FFFFC265F6CA1D1A)|UNKNOWN(FFFFC265F6C9FFD6)|UNKNOWN(FFFFF802DFD77103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad 10341000x8000000000000000139594Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:35.009{6EDEAD03-5391-615D-0E01-00000000FC01}48004908C:\Windows\Explorer.EXE{6EDEAD03-61B3-615D-D602-00000000FC01}1892C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHCORE.dll+64c8|C:\Windows\System32\SHCORE.dll+1c0e5|C:\Windows\System32\SHELL32.dll+554f1|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF802E005F8A8)|UNKNOWN(FFFFC265F6CA5B48)|UNKNOWN(FFFFC265F6CA5CC7)|UNKNOWN(FFFFC265F6CA0351)|UNKNOWN(FFFFC265F6CA1D1A)|UNKNOWN(FFFFC265F6C9FFD6)|UNKNOWN(FFFFF802DFD77103)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\System32\SHELL32.dll+5927b|C:\Windows\System32\SHELL32.dll+dac2a|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000121097Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:36.799{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD63A22C9AF699816A845F965D87CC35,SHA256=88A44E3D901A26519C00D43821F868D4D9A03741F00D6389EFB6DAE498E3CB73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139624Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:36.330{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\970MD5=304D8E055B9236AFCA391EDC40494B6A,SHA256=A9D22A722F33B8F711F5B1A95D711131C2E4F3B33E998100379B2D7F92DF6399,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139623Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:36.298{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B43368548DA39CB956752198A08295B,SHA256=8AD797996DE4FECED8E5729BAF699EF128AE38FEDF7B359C2DB5C562ED4219A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121098Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:37.800{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0565972D1022FB0F3CED44B0846027A8,SHA256=76927E6F6BD59FB875E9C0609CB1910FC5AE25688948B42738C6040355D96BA6,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000139634Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:37.616{6EDEAD03-5050-615D-3700-00000000FC01}33763396C:\Windows\system32\conhost.exe{6EDEAD03-6231-615D-F702-00000000FC01}5736C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139633Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:37.614{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139632Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:37.614{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139631Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:37.614{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139630Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:37.613{6EDEAD03-5041-615D-0C00-00000000FC01}8285752C:\Windows\system32\svchost.exe{6EDEAD03-504E-615D-2D00-00000000FC01}2348C:\Windows\sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000139629Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:37.613{6EDEAD03-503F-615D-0500-00000000FC01}408356C:\Windows\system32\csrss.exe{6EDEAD03-6231-615D-F702-00000000FC01}5736C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000139628Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:37.613{6EDEAD03-504E-615D-3000-00000000FC01}24483364C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{6EDEAD03-6231-615D-F702-00000000FC01}5736C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000139627Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:37.613{6EDEAD03-6231-615D-F702-00000000FC01}5736C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{6EDEAD03-503F-615D-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{6EDEAD03-504E-615D-3000-00000000FC01}2448C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000139626Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:37.408{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=836512380FDDCBF30E9E4953E82C74CD,SHA256=81A70F9895CACD19397813CAB8D5ABC26FD5B70A05D2FD6F34EA587C5089C6B9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139625Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:35.534{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64759-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000121099Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:38.800{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=02DF4A7025DE3D3E8AD77B01A7010102,SHA256=D2360A9BF293DEA9E1A2B7DAFBEB2CF3B251D5442650EE01270BE98232FB6144,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139641Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:38.616{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FE2F76ADD3BE6FC9600FC3A131D9EB04,SHA256=CFAA521DA73AE2DA2608E27C453959CC2FE8A225118224BE2B1B927AA1FB5AF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139640Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:38.415{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=49D32ECB10ABFC08265566188B8E9C8F,SHA256=864C3E7A0A07AE720CB349F0F8E01FC49A57A3D374E2B2428CA6E3FE9565DFB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139639Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:38.227{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\security_state\data.safe.binMD5=5838EB30009690D9DDFEA609EDACFB05,SHA256=6907AEBFD38B5B87C365AAE892A891E9344C4C9B3DDF781E9E7197D74BEF23B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139638Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:38.222{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\10624MD5=F1DA695BA30C58CAFF37F2A6644EDA0F,SHA256=29867E5419F619033D4357A1CB6FBB2ADFA1E703CCE983E1E7ABA8D4B537760D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139637Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:38.221{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\20451MD5=C1C6E27B461C293EFE5F77DD8773A824,SHA256=55B51A4D99C6E684A5E3B530E4F015E39FB998ED8B39060538B7F37B907ACF6E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139636Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:38.220{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\3401MD5=E41A95C7AF1607084BDDDECA1DA56477,SHA256=3043A27B9784B41EFFFDC07312055764A8AA7DEFC4D46B7BDD6F6B5B53373E54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139635Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:38.218{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\zjui0e9d.default-release\cache2\doomed\19936MD5=7FDEE2E717E5AFBFD00927DCDA87F5B9,SHA256=5E09442B6AE043F7820BF14B3C3A612B7EB1D04DD3FACD4C332FC87E7F13821A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121101Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:39.801{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60E0B3DA2D33ED13A806A42699F8E2E8,SHA256=8A2B3497BC6ED8E6C7F1F90B6532387501F72123DDD0825F53D24AC356B2C5D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139642Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:39.420{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68A526F778F65170C62AB0D3357017DF,SHA256=55EACDCCAB434C7F1B545596397CF439101EFB2D200893CACC02A25D0A293203,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000121100Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:36.761{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50627-false10.0.1.12-8000- 23542300x8000000000000000121102Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:40.801{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF6A0887C55A822C0FE967AC9C05B727,SHA256=4A203881125EDA534C23825D7E9F0DA18B9FDA99F3268D07BBB2D5F3CA02BF8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139643Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:40.439{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C533DF33E7AC13BC45970FA027C83BC,SHA256=6FA2EB6A2BF9EA41A049724FD4FA0B87E6F9E3E53893667A4D6ECF27A44AB367,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121106Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:41.801{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35238E8AFF8D2E3CC801CA7305F7E9FF,SHA256=A68617CCE8AA8C1931F90FA43DB93002E2B0F35B5D802D0A1C884995C8944D62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139644Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:41.449{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40944E2198828D621730CA70D279666E,SHA256=E135754718706EB92D82223321887B64057663424D20FF84A63D951CD76CFB00,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000121105Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:41.129{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121104Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:41.129{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5042-615D-0B00-00000000FD01}628C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121103Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:41.129{49C67628-5042-615D-0B00-00000000FD01}6282420C:\Windows\system32\lsass.exe{49C67628-5042-615D-0A00-00000000FD01}620C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a16d|C:\Windows\system32\lsasrv.dll+2704b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000121109Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:42.802{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3DF06CBF3FB6CDF8E33BFF7748C0DE1A,SHA256=8C55B48D1626B02C1169872511C805477594E1D3922D69BCEE900E10876042A4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139648Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:40.569{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.15-52798- 354300x8000000000000000139647Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:40.568{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.15-61137- 354300x8000000000000000139646Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:40.568{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.15-49375- 23542300x8000000000000000139645Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:42.454{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B56244D9885E0ED8EB091858D9EE4BAB,SHA256=CC789C29B582EB19DD01D57EEB53F034B779DF472C8F6F0326133615E0FA0468,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121108Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:42.161{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=2BA6D87A2BAB4E9F1D9B92304DF68407,SHA256=292A03F3BBEAFAD5B20A674DC55F03C324FE48FA94C2478C3DDFDA0738B2C613,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121107Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:42.161{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=F30D66F7D9CF0E19C08352D927C8C37D,SHA256=75C68969FF15783400C14ABD581C9546A0E0B61D2017AB3EAC7087E4D4C28A4B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121111Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:43.802{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=791EE2AB7E33725CB649644F6D070A2D,SHA256=916EA50B0AABDACD1C1684E4C3D6377B492FE5749CA1ADDDF628A9BF44076633,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139649Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:43.471{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF557E075328DD41A9A0B8CC4892B4AC,SHA256=065C392AE2F66A9A59974930A428C67E433E8FAD7C8364AF1316B5FF8E3AC496,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000121110Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:40.668{49C67628-5043-615D-1700-00000000FD01}1244C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50628-false8.253.204.249-80http 23542300x8000000000000000121113Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:44.803{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1663BE43D3B8B050E0D8CFFEA01CA8D,SHA256=D17931DF2084F7C877AB4C44B49078A80488F7EB5E1795CBA3FFDE9AADA7901E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139652Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:41.374{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64760-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000139651Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:44.503{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E514B1639BE1F31A8045F92410EF10E5,SHA256=5ABDD0D49A67B0D1265FEC9A9288432C97315AD54048DE7E41B9E70A709F2E53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121112Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:44.396{49C67628-5044-615D-2200-00000000FD01}1580NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=77A3FAE6E3D081057742F67BE17D48F0,SHA256=B45196262D41012541FDA928C2D6D89C531ACA10A8054FE8E2047913CDE27561,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139650Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:44.219{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121116Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:45.803{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07754A128E48B2C37DC3E3DE2D894A4F,SHA256=977CC596A568FF8D532165C9EBDB269378B3462C56AC268F261BD22236D0E5E6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139654Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:42.794{6EDEAD03-504E-615D-2F00-00000000FC01}2412C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.14win-dc-676.attackrange.local53domainfalse10.0.1.15-55379- 23542300x8000000000000000139653Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:45.533{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A3320D27ACB6B71398B7014EB2B096B,SHA256=887EF3C419FE351F9C59A345EE6A885D1DA075259DECACF2E4077EEFE8A57476,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000121115Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:43.905{49C67628-5044-615D-2200-00000000FD01}1580C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50630-false10.0.1.12-8089- 354300x8000000000000000121114Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:42.530{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50629-false10.0.1.12-8000- 23542300x8000000000000000121117Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:46.804{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E99E3BCB5FCC4D026DC196E7181AD13,SHA256=F3FE84109D2DEAC1E5DAD467A0784D351CD099988C06248431965B09929024A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139655Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:46.566{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=542481AF1EEDF25A8273F3D4CB6F959C,SHA256=9D26EB21D2D63A5D73492C8FFD41EAF7156468BA8A1685E335220DBF9D82668A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121118Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:47.804{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7A2A6AE3EDE7629A5247903B3F4CE062,SHA256=2EE5FF1C78639BD836C24523E4AFF382E4DE1CEB28A0B6FBD4F71A021CDDA5F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139656Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:47.569{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B0111EA607031BD7C6CD9B46AFFA018,SHA256=8EA302D09487CA724D4CE3CA3CC3BE5F715735DEF17D2CD50850CEA359AFA643,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121119Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:48.805{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C28B6111CFD4555716CABE5F2739A23,SHA256=6AD326F4720AD7F7531AEB593AD777362C8020F66ECC0A20DB2C21B54E6E6B06,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139658Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:46.474{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64761-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000139657Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:48.584{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6884BF9B0DA3B0B27373CCD1E553433,SHA256=AD26E6C2734889BB6972BE73D6A944837FAC82E5B1A8527FA94DC4E2EC334B5A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121120Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:49.805{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=126A695E9ED3359D91314337FFEEE385,SHA256=9EB1CC0726049B96D1B4944C3D08E0EF6B71E525C561B60CF3AF464DE3A5C95B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139659Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:49.615{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF4061EAC03EF18C7D083AB94FDE131D,SHA256=1BD6D62D8976B8FC4ABBC29E3169F4CD19ACB9F6F61BAA6488ABB8C35376565A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000121122Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:47.595{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50631-false10.0.1.12-8000- 23542300x8000000000000000121121Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:50.816{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5EED1DBBF4A48BAB24CC4C016CF823C,SHA256=EB7C2E3C8CA6D5BB0E6461ECFD343EC94BE579ACACBE47D542D46A0B3479B743,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139661Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:50.830{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=6B5892E92EBC917036D6163806ED52F7,SHA256=BC92A9B5BB1A71AD990C34DE8EC09E867569110B469686785F4319584EC5AEB0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139660Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:50.630{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E03A46CB0562B64923F846AE7044694,SHA256=CFF09313712089D3699259FE7D9A1025A4E8DDEB256C1FBEABC8ED8F134206E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121123Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:51.831{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E43D599B5665195F401337B73F2DAF03,SHA256=443A62C856FD3C45FC4171E538136D1C8A79FE11EA95242B58F03A6C5A32E8C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139662Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:51.663{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CFD424CA3DB3EF2609D3F37DA812C89A,SHA256=6142E5119C44C6D7178671B47526AD1F2615FE1AFD5E421A15C294FAA5B5B780,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121124Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:52.831{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C74DB8C52E8DDAA3E88F815E142A5AAC,SHA256=C7485227F507F3F67C5E8B3D54BFB0CB64885B61EEF4FD2F0FF9488E378F5F2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139663Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:52.681{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A2A119C530434D54667561D1135AAD90,SHA256=2E7D9BF7AE69560802F7C734E5B0B2C308EE9DDB836B8692F557DC2A9F6A4107,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121125Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:53.847{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C2F8C8FC424ACA76A2A72B0A3B9D103,SHA256=86E4AA593F1FAD7BEDEAC0C8382A4790192624AD084B3672D8CDF46C69FD4340,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139665Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:51.524{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64762-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000139664Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:53.712{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AB6D13C1E1220BDCD420A437B60D4DB4,SHA256=6BB63D8837C76B2396369C540DA48670D7F1D51D3F33F31660D12A665C40F99F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121126Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:54.862{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81B51B34720013C139E71398CFE57F8F,SHA256=4D2B2060FC44B4496F860BC8EA0BE8D26016FC43D272D83D6EF4F88ABB070BC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139666Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:54.726{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F5C23CE0C96B22B8AA8F45EB31EA9DC,SHA256=5897AEB9BCDB4A90576AE8A38A3FBCD44899615B459A8A35D89020A1AD688BB9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121128Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:55.878{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B43F0AFF2FEB2A2571F1C47BE0331297,SHA256=736957E43EEBB2E7318C6A16318DF033AB7BB166916B5D35D745B6D08220F7CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139667Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:55.761{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A8FBD07A8C10C0F941195F717DA30C5B,SHA256=7321DFBCD556C6CFE049C65BFE9B7C4BD6400CABD190C57761F194CEA2345056,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000121127Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:52.762{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50632-false10.0.1.12-8000- 23542300x8000000000000000139668Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:56.779{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=57983C15A6E72F63670A5B5755E71171,SHA256=D9646ABC270D9B22FAFD4C1D1CFBD43BF081AFE5399F9392D7EF73F71DCBAF3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139669Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:57.794{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD5877544AFE69C44FAE792CFA234516,SHA256=631EE3F9CA00996A8C354E221FA3E48F3780D1025A35CC9C92DD6A250322C3ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121129Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:57.112{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=902DCC46551DFDB0CB1D2C05AC767B33,SHA256=5D1ED484E5D047A886A6C0206E3802079C783F058D64ACDA18929B2A74BF755A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139676Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:58.825{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=927EA0564F742EE37DBD6A88FC788F9D,SHA256=8042FAA361A37223137F902338F89BE83196F4E492F4690B87F38AD22D150DB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121130Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:58.143{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C8B4023EA3B1453C39FF543476BEB9D7,SHA256=FD1D6C63FF69FB70F773ABF5AD8F897351B91A0D20DCF5ED3ACBB3E4FF5DFF1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139675Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:58.794{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=CDB286F4B63758667631B676754A3816,SHA256=6724B16C70FBDD50C25FE835582EAAF14EEDCE9D2077FC1A480C6DF135ECA9BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139674Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:58.794{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=F789CC1C0A337CBD0913B46762AF236E,SHA256=FD0DF092D52271138B5B425F08126EB822584C301C9A15F4504D30061AD304B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139673Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:58.794{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=32049834620C92FD2B498A44BB34CF80,SHA256=934A78FABCCCE58549FFF7058E6E0024DB2C9D26245CFA950ADAC8B7F4D8F529,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139672Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:58.794{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=B95D45E821EA7E7CCC79092B1DEBC13B,SHA256=587662058500E7E738A0DBB7087B26D08FC11C1A52C8FA3DB061DAD16569E5C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139671Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:58.794{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=F6B70B4DB6E0F2BB70553B4C0EE37CB8,SHA256=8D3DFC1DE6F1B156A207AA110A548156C86D16730A9178CC03EE861BD3A5F222,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139670Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:58.794{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\datareporting\glean\db\data.safe.binMD5=B53FF158D67100D643DEAC1561457DE9,SHA256=B1BA8DA31C3902F7B7960134EE56BCAF48579E64FB29E3C48BB64C74E3EAA8B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139677Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:59.840{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0A442A2A7D78C966FC7E216589B605A6,SHA256=C9D20B7D31C4ACE85A9E4BE58097205C610287F04AECCE801BD9A07C1C4CE2F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121131Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:59.159{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=782DCC172102A351ACA04B5997E22D77,SHA256=A8E0450593FE857177E9BF82E59CFACD6B4FF7526AC56B50BFB02BBDF0223E6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139679Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:00.840{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E9D3FBF8BC1687BF401B757FE6A5FB2,SHA256=EFCEBC8E668C1F0E0AF12C8FED98D59FC6C0442BF75910DCE2548CC3EB107322,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121132Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:00.175{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=253086CD439C9DF48C7D11A3411BD292,SHA256=C568AFF176B02DADE0B7EF1DBA8C1FBFC222E42EA32682175B11001B69C2B4E1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139678Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:45:57.520{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64763-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000139680Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:01.857{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3D92BAF85A02BC2D25219065A11F7DE,SHA256=6CBF949F7A427A559EF5C48D7D4C834DC1FFC3BA9526E02AE5244C2AC128D438,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000121134Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:45:58.652{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50633-false10.0.1.12-8000- 23542300x8000000000000000121133Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:01.237{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=178AC6C4B44620C8482C5F1DD78FE15D,SHA256=94DC046F18BC446EE1EDB98C7C61894D29AF7AD8BC734981BA54C8EF5DEEB4F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139681Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:02.876{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FBE7AE6123314FA954E69B4A0E8D07AE,SHA256=AE3D7E2DBCA37A5FE16B0C7BB4F7854CC621B4DFCB6983183FAE377208806730,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121135Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:02.331{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9DA689833B3F453D171FB0290C6588A0,SHA256=DD38B9CB8942444C8CE10122A917BC3F68F272645368F12DF714733763CC50D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139683Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:03.922{6EDEAD03-61B3-615D-D602-00000000FC01}1892ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zjui0e9d.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139682Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:03.890{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C6ABFBC85DFE45EE74BC194CE1F45CEA,SHA256=5339ADBC6C5D78BDC6751D16F3488A182690C80F0BB1EE049508E834F8A8D28D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121136Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:03.393{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52B8E17285A4C7B8399E918BB4FABA2B,SHA256=2D7B4562458415365008F461929B4011565F2522773537102DBEDDAF2C0E1CA8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139684Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:04.906{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4561F822F9A55EFDA8FAC3C924DAC6B,SHA256=131E7A4C7D8000B9A7F8DF10B16DFACBB14CC238AB1B355B068CD3E1924EF4EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121138Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:04.616{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\respondent-20211006072910-074MD5=266A8C17E3E1B8A0B29A8C5E77CA200E,SHA256=01EFC44F32696762DC9319663F7889EF6AAFD7A8B30AE6A823FD17BD5EE43D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121137Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:04.410{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30698688FE16F80510BB10F1F7C27D87,SHA256=7A3331EC9A815289D888D34110A9208E7CE0718B7FBD6DD8B520C24C9F952E95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139686Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:05.921{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40F7BE65AC0722CB5601DD3EFCD37636,SHA256=80F5DA9D043788A87CAF0B806D8EC778A96E655DEB6C1F2930B57157AD763DB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121140Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:05.614{49C67628-5044-615D-1A00-00000000FD01}1860NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-04b3958ebc31dc11b\channels\health\surveyor-20211006072908-075MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121139Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:05.426{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B72AA79FD9CFAECAF85B9AA2CA2C396E,SHA256=DFFF0CA10784ABE35935DEA5B8362C0B547B9BCBF0E67C3B9594EFAD69EEF6FB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139685Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:02.533{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64764-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000139687Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:06.935{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=112C00DD3E63FE40EA10A42E39030DE7,SHA256=0FA3818955D46B639081655EE2A8D5FFEE8AEBCDDC2E60511C7D2FDAAA9EEF6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121141Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:06.443{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B1AD367B307DB3EC47C8108F01E2C09,SHA256=FCA9E36516CEFE79327B201D86D3A20C74D4415DB2C56A7640370B8F0C8AC331,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139689Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:07.953{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F415E7A0A097D97ECD13C59DD11B73DE,SHA256=F55EFC8600DFCCA46433BDEA0749AFFF2F944BE25C7B23CD2B3449391C432F55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121143Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:07.458{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6CA32DD920EDACC38269E4836138F93C,SHA256=3732FC715215287CAF7759CAB07716C594C493C1C6B859E6B58E4DF172352041,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139688Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:07.073{6EDEAD03-5041-615D-1100-00000000FC01}380NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=3B5D58801EBF89B5116AF68F9432B2C1,SHA256=740A729D84F6F7D90047581135FF3175D188F38FF740B4A796C4277F6033EF60,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000121142Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:04.654{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50634-false10.0.1.12-8000- 23542300x8000000000000000139690Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:08.971{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A1C3A093F2526D9A05D6A0CC44845E6,SHA256=F7494C694122EA8C00716248B2BE924382B071E8678354B44ECF4D7E92FABC52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121145Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:08.833{49C67628-5043-615D-1200-00000000FD01}1012NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=E2D8FE576278E91C65D448B05F4D3721,SHA256=475ED3B992B6F495C2FC7C04EDD02073D3342159DC2C81BBCAC2099B25456C12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121144Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:08.537{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=480BC92820238C31344FB67C386586D7,SHA256=C6CA6ECA5C02506FFD3F0E7FFDCC8D0E82FDBC35732F438B8E386B4D07F5B135,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121146Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:09.755{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AF2E4CE87FA485FD279CC43E231CC31D,SHA256=3EFCB43FCED46956B2493004037F07E66E27ACEC8D69706F9DBE29FAD85F9705,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121147Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:10.765{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6C39F0170114BFFD6C817F95A441BC3F,SHA256=5391158B086EAFC6BDBD2033AE54D8D1F03E8451E1B8060161EF24BA57DE2FCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139691Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:10.002{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=91A69DBD1401BDF8CA38DE65B05ACC49,SHA256=D9F3FC01FDD93CCBAD58EF1A261BB9ABB8FAA52569ED21095BAE1A104C84F02B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121151Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:11.781{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9068F949200CF00F6E0055C8AD674A36,SHA256=17B6DF8446AE0897D833663C486F08469AC9EC90452788973414B651C3A924D0,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139693Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:08.575{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64765-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000139692Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:11.017{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EC297A38128AD62711A152AF2DC3C88,SHA256=B476D248B4812F1A42C308940F6ABCABF0A34EACF4CA3D000A415B2E5A099323,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000121150Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:11.140{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5043-615D-1400-00000000FD01}1080C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121149Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:11.140{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5043-615D-1400-00000000FD01}1080C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000121148Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:11.140{49C67628-5043-615D-0C00-00000000FD01}728860C:\Windows\system32\svchost.exe{49C67628-5043-615D-1400-00000000FD01}1080C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000121153Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:12.812{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BD1346351FA87D03B5BA2E2CB46C8E73,SHA256=2391FB3E21619C1DC2E8F9DC56E78208D499BF87FFF429B47523DCE9C312BAB3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139694Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:12.033{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BDC756F598EE2E02642EA57EDB747D0E,SHA256=AAB9C5A1B7481C2C221D5817BA14FF3514EB8B0E803389F56E78681190E9DEB6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000121152Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:09.764{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50635-false10.0.1.12-8000- 23542300x8000000000000000121154Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:13.828{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBBBBA29AAF7627BEFCB30946217A8A9,SHA256=0E4F57DE4AB2405765222478E5737ACAE1B38A5CA22F94E3C25BC9B55C2A23E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139695Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:13.051{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A72298421547FC9B81BEADB08E796FF3,SHA256=E6146ACF995EF8679F8B2856580AA410F7415AFFD23A4ED6753539A13985D3DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121155Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:14.843{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5294B93EC81872D3CFDD8C9119643216,SHA256=DC421AFA763B808A1E1B1AF063B515CA1B257C78B97B72BA8F632C560334F95F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139696Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:14.069{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=45999A7277E2B8BB0A2AAEAC7EA39796,SHA256=B21FF3E568071F0A869C911DC487F625A55692F167855E58D32104E48AA240F4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121156Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:15.875{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4F457E1959D8A3B2BDD0D7CF2AF3F4BC,SHA256=1D321D8FFED50CD18DDC294ECD573C5052F9A8485507827C7200BAA35BE1EBE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139698Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:15.370{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\respondent-20211006072921-074MD5=58D52BFFD80488B8005F7C319C2D4334,SHA256=B9D8441D1BC2ED8425146F5F211E2A21C477807F4E0B7EBAD9811C868FAB9279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139697Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:15.100{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA514D7BF989A346B448F2B07241C381,SHA256=8383ED7D826121697E1EAE5B3C949E80BC20F0462466214E8D539D597152EFDC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000121157Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:16.968{49C67628-5056-615D-7000-00000000FD01}3184NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A7A5A6782048FF04E36594FFDAD9836,SHA256=FA3F932CC4B64DD84D7A539A7458076F67F06EB45751CDA5B05344E2293BB62C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000139701Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:16.385{6EDEAD03-504E-615D-2800-00000000FC01}2924NT AUTHORITY\SYSTEMC:\Program Files\Amazon\SSM\amazon-ssm-agent.exeC:\ProgramData\Amazon\SSM\InstanceData\i-00ade5b11017bd16f\channels\health\surveyor-20211006072919-075MD5=97EF2A570B75C4F95FC69B0D09A2E2A2,SHA256=11396EA313B0ED7E3228C4FA92ABE9D836DB8F416A7A8A28ACC77133025082E7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000139700Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:14.498{6EDEAD03-5059-615D-6E00-00000000FC01}3576C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-676.attackrange.local64766-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000139699Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:16.131{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=92B112908448FF50A4FFA8E80A2983AA,SHA256=B04242E31C8008E97D9716D72100BAD78FD6276A4677806DBB85F72752913ADC,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000121158Microsoft-Windows-Sysmon/Operationalwin-host-340-2021-10-06 08:46:15.526{49C67628-504F-615D-6700-00000000FD01}3884C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.15win-host-340.eu-central-1.compute.internal50636-false10.0.1.12-8000- 23542300x8000000000000000139702Microsoft-Windows-Sysmon/Operationalwin-dc-676.attackrange.local-2021-10-06 08:46:17.131{6EDEAD03-5061-615D-7700-00000000FC01}3748NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=98C1F556344DB306F4A1E0CA9E7E8FB3,SHA256=6FDA469C39330A28F9FC5CA306252202E4E368016FFB015743E6328B90CB79B4,IMPHASH=00000000000000000000000000000000falsetrue